Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!cbatt!cbosgd!soma!William King From: William@soma.UUCP Newsgroups: mod.computers.masscomp Subject: protection of memory Message-ID: <2552@soma.bcm.tmc.edu> Date: Fri, 21-Nov-86 08:10:20 EST Article-I.D.: soma.2552 Posted: Fri Nov 21 08:10:20 1986 Date-Received: Sun, 23-Nov-86 03:15:50 EST Sender: masscomp@soma.bcm.tmc.edu Lines: 50 Approved: masscomp@soma.uucp > We're having a problem with ps. > Under the -f option nothing is printed under the UID column. Does > anyone have an idea on why this may be? > [ My best guess is that ps may not be chmod correctly... it does work > correctly on my systems... here is the output of an ls on some files of > interest. > > MUS% ls -la /bin/ps /dev/*mem > -rwsr-sr-x 1 root sys 47593 Aug 18 16:09 /bin/ps > crw-rw-rw- 1 root sys 3, 1 Aug 19 09:11 /dev/kmem > crw-rw-rw- 1 root sys 3, 0 Aug 19 09:11 /dev/mem > > If your system does not look like this, my guess is that that is your > problem. > > Stan, moderator] > Stan, I would be very concerned about the modes you suggest using for /dev/mem and /dev/kmem. Imagine a non-superuser typing: cat /etc/passwd > /dev/mem I would suggest something more like: -rwsr-sr-x 1 root sys 47593 Aug 18 16:09 /bin/ps cr--r----- 1 root sys 3, 1 Aug 19 09:11 /dev/kmem cr--r----- 1 root sys 3, 0 Aug 19 09:11 /dev/mem A clever user could easily break into the system by writing into /dev/mem and changing their uid in the user structure. A more clever user could possibly read a password from a clist. If you pay attention to a few other files (/dev/swap) ps can be made : -rwxr-sr-x 1 root sys 47593 Aug 18 16:09 /bin/ps This is how we run our Masscomp systems. Bill King @ abic.abnet.com Industrial Computer Division 747 Alpha Drive, Highland Heights, OH 44143 @{decvax,cwruecmp,pyramid}.UUCP:wrk@abic.ABNET.COM [You are correct, of course. We run a relatively relaxed environment here, so the memory protections are less of a problem for us. I would still be concerned that kmem cannot be read by everyone since many people like to pull out load averages and such. Thanks for your comments. Stan == moderator]