Path: utzoo!attcan!uunet!lll-winken!ames!oliveb!apple!bloom-beacon!WSL.DEC.COM!rich
From: rich@WSL.DEC.COM (Richard L. Hyde)
Newsgroups: comp.windows.x
Subject: Re: security problem in xdm(1) of MIT X and dxsession(1) of DECwindows
Message-ID: <8904131552.AA25388@gnome2.pa.dec.com>
Date: 13 Apr 89 15:52:07 GMT
References: <470@zgdvda.UUCP>
Sender: daemon@bloom-beacon.MIT.EDU
Organization: The Internet
Lines: 8

>On Ultrix-32 3.0, unlike login(1) or su(1), dxsession(1) has a long life and
>keeps a user's plain-text password in its stack area. Unfortunately, the
>password will not be destroyed after authentication, even after the user has
>logged out. Since the /dev/mem file is readable by everybody on Ultrix (sigh!),
>the password could be got by scanning the /dev/mem file for some specific string
>patterns.

This is false. Only the encrypted password is stored.
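
Both the quoted report and the reply turn on what a long-lived session process still holds in memory once authentication is done. The following is an added example, not part of the post and not code from dxsession or xdm: a C sketch that checks a password and wipes the plaintext buffer on every path. The names `authenticate_and_scrub`, `scrub`, `verify_fn` and `demo_verify` are hypothetical, and `demo_verify` is a constructed stand-in for the system's real password hash.

```c
#include <stdio.h>
#include <string.h>

/* Wipe through a volatile pointer so the stores are not removed as dead writes. */
static void scrub(void *buf, size_t len)
{
    volatile unsigned char *p = buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical verifier: 1 if `plain` matches the stored encrypted entry. */
typedef int (*verify_fn)(const char *plain, const char *stored);

/* Check the password, then destroy the plaintext on every path, so a process
   that lives for the whole session keeps only the encrypted form. */
int authenticate_and_scrub(char *plain, size_t cap, const char *stored, verify_fn verify)
{
    int ok = 0;
    if (plain == NULL || cap == 0)
        return 0;
    /* Only verify input that is NUL-terminated inside the buffer. */
    if (memchr(plain, '\0', cap) != NULL)
        ok = (verify(plain, stored) == 1);
    scrub(plain, cap);
    return ok;
}

/* Constructed stand-in for the sample run only; not a real password hash. */
static int demo_verify(const char *plain, const char *stored)
{
    return strcmp(plain, "correct horse") == 0 && strcmp(stored, "demo-entry") == 0;
}

/* 1 if every byte of buf is zero. */
int is_all_zero(const char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (buf[i] != 0)
            return 0;
    return 1;
}

int main(void)
{
    char pw[32] = "correct horse"; /* constructed sample input */
    int ok = authenticate_and_scrub(pw, sizeof pw, "demo-entry", demo_verify);
    printf("ok=%d wiped=%d\n", ok, is_all_zero(pw, sizeof pw));
    return 0;
}
```

The wipe covers the full buffer capacity rather than `strlen(plain)`, so bytes left over from an earlier, longer entry are cleared as well.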