Should kmem be read to the world?

Karl Kleinpaste karl at giza.cis.ohio-state.edu
Tue Jun 27 05:37:07 AEST 1989


mb at rex.cs.tulane.edu writes:
   We just noticed that w does not work.  It returns the message "no kmem".
   Should /dev/kmem be made readable to the world or will that cause
   security problems?

That will cause security problems; the intelligent cracker will learn
all kinds of fascinating things by reading /dev/kmem.

We define a group "devkmem" with no members, and then chgrp all memory
devices to this group, and in turn chgrp and chmod g+s all the
memory-reading programs (ps, w, top, etc) so that they retain their
well-behaved access.

--Karl



More information about the Comp.sys.pyramid mailing list