Kmem security (was: Re: How do you make your UNIX crash ???)
Craig Campbell
craig at attcan.UUCP
Tue Apr 16 01:23:27 AEST 1991
In article <6093 at ptsfa.PacBell.COM> dmturne at PacBell.COM (Dave Turner) writes:
>In article <638 at minya.UUCP> jc at minya.UUCP (John Chambers) writes:
>I'd be surprised if a least one user didn't learn your rootpassword
>by typing a ps (ps -ef on system v) while you were running this command.
>
>The security exposure of running a grep with root's clear password is
>much greater than someone getting it from /dev/kmem.
>Dave Turner 415/823-2001 {att,bellcore,sun,ames,decwrl}!pacbell!dmturne
Huh??!! Whose SysV Rel 3 are you running? P.S. -ef will only display the
command line. The password is prompted for by the su program. I am speaking
with intimate knowledge of AT&T SysV Release 3.1.1 -> SysV Rel 4.0.2.1.
Who is this rootpasswd person anyway? Some dangerously stupid add on shell
script?? The functionality of ps has been well known and documented for a
longgggg time. Unix, being Unix, will of course, cheerfully help you pull
the trigger, if you insist on shooting yourself in the foot....
craig
More information about the Comp.unix.admin
mailing list