From: utzoo!watmath!watcgl!dmmartindale
Newsgroups: net.unix-wizards
Title: Re: protecting kmem because someone felt obnoxious.
Article-I.D.: watcgl.79
Posted: Mon Dec 27 13:25:14 1982
Received: Tue Dec 28 04:54:29 1982
References: sri-unix.4927

The particular program posted may not be able to reliably read passwords if the terminal is placed into cbreak or raw mode, but I'll bet that I could write one that did, particularly if the person was a slow typist. If passwords are all you want, it might be a better attack to scan for instances of "login" which are cpu-bound, and take a copy of their password buffer while they are busily encrypting the supplied password to check it against the /etc/passwd field - this takes 1 or 2 seconds.

Allowing general read on memory that may contain all sorts of data, such as the clists or buffers or user memory, is inherently vulnerable to this sort of snooping. Maybe having a special version of the kmem driver which allows access only to selected parts of the system (e.g. CPU and I/O statistics, perhaps proc table) is a partial solution, but some programs are going to have to be setuid or setgid because they need access to a process's stack in order to print arg lists (ps, w).

So far we haven't worried too much about this at Waterloo since the people here who are skilled enough to write programs to extract this sort of information from the memory special files seem to be fairly reasonable, responsible people. But when someone on the net posts such a program for any turkey to compile and try, I guess we'll have to do something about it. Sigh.

Dave Martindale
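The post's point is that a world-readable kernel memory device lets any user snoop clists, buffers and other processes' memory, and that the fix is to restrict who may read it (a group such as kmem, with setgid tools like ps and w as the only readers). The following audit script is an added example, not code from the original post or its author: it stats the raw-memory device nodes and reports any that are readable or writable by other, or group-readable by a group other than the expected one. The device paths, the expected group name "kmem" and the finding strings are assumptions chosen for this example.

```python
import os
import stat
import grp

# Device nodes that expose raw physical or kernel memory on a Unix system.
# This list is an assumption for the example; adjust it for the system audited.
MEMORY_DEVICES = ["/dev/mem", "/dev/kmem", "/dev/port"]

# Group that is traditionally allowed to read kernel memory so that setgid
# tools such as ps and w can walk the proc table (assumption for the example).
EXPECTED_GROUP = "kmem"


def assess(mode, group_name):
    """Return a list of findings for a node with permission bits `mode`
    owned by group `group_name`; an empty list means the node is acceptable."""
    findings = []
    # Anyone on the system could read memory contents: the snooping the post describes.
    if mode & stat.S_IROTH:
        findings.append("world-readable")
    if mode & stat.S_IWOTH:
        findings.append("world-writable")
    # Group read is expected, but only for the dedicated memory-access group.
    if mode & stat.S_IRGRP and group_name != EXPECTED_GROUP:
        findings.append("group-readable by '%s' (expected '%s')" % (group_name, EXPECTED_GROUP))
    # Write access to kernel memory is root-only in any sane configuration.
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    return findings


def audit(paths=MEMORY_DEVICES):
    """Stat each device path and return {path: findings}.
    Nodes that do not exist on this system are skipped."""
    report = {}
    for path in paths:
        try:
            st = os.stat(path)
        except FileNotFoundError:
            continue
        if not stat.S_ISCHR(st.st_mode):
            report[path] = ["not a character device"]
            continue
        try:
            group_name = grp.getgrgid(st.st_gid).gr_name
        except KeyError:
            group_name = str(st.st_gid)
        report[path] = assess(stat.S_IMODE(st.st_mode), group_name)
    return report


if __name__ == "__main__":
    for path, findings in audit().items():
        print(path, "OK" if not findings else "; ".join(findings))
```

Run it as root or any user; stat needs no read permission on the node itself. A clean result is every listed device at mode 0640, owned by root and the expected group, with no findings.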