Kmem security (was: Re: How do you make your UNIX crash ???)
Rick Kelly
rmk at rmkhome.UUCP
Fri Apr 12 15:03:00 AEST 1991
In article <1991Apr8.213109.1949 at mailer.cc.fsu.edu> boyd at nu.cs.fsu.edu writes:
>In article <638 at minya.UUCP>, jc at minya.UUCP (John Chambers) writes:
>>> Safer would be:
>>> strings /dev/kmem | tr ' ' '^J' | sort -u | more
>>> and do a /rootpassword
>>OK; that didn't crash the system; I just got a few random-looking strings,
>>followed by:
>> /rootpassword: Command not found.
>>What was it supposed to do? Maybe I'm not a real Unix hacker, after
>>all; I haven't even heard of a "rootpassword" command. Am I missing
>>something good? I also looked around on some of the BSD and Ultrix
>>systems at work, and there was nothing called "rootpassword" anywhere
>>in any of their filesystems.
>This was to invoke a search for the string "rootpassword" in more. It is
>not a standalone command, it is a modifier within more. It could be argued
>that it is one of the more useful features of more. My question is why
>the string "rootpassword" would be anywhere (perhaps the poster intended
>for the real root password to be substituted, just to show how easy it
>can be found. A potential intruder would have to try all the strings
>found, but this is still a drastically reduced search space).
One avenue is to search for "root" or any other login in memory in such a
way that you know its offset in /dev/kmem. Do an ASCII dump of kmem at
that offset, and you will soon find the password.
I have done this, but for obvious reasons I leave this as an exercise for
the reader.
Rick Kelly rmk at rmkhome.UUCP frog!rmkhome!rmk rmk at frog.UUCP
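
The approach discussed in this thread only works for a user who can read /dev/kmem, so the defensive check is who holds read permission on the kernel-memory device nodes. The following is an added example, not part of the original post; the function names mem_node_status and audit_mem_nodes are hypothetical, and it assumes a POSIX sh with a standard ls.

```shell
#!/bin/sh
# Added example: report who can read kernel-memory device nodes.
# Function names are hypothetical and not from the original post.

# mem_node_status PATH
# Prints one of:
#   absent              the node does not exist
#   world-read          any local user can read it
#   group-read:<group>  members of <group> can read it
#   owner-only          only the owning user can read it
mem_node_status() {
    node=$1
    if [ ! -e "$node" ]; then
        echo absent
        return 0
    fi
    # ls -ld prints: mode links owner group ...
    # In the mode string, character 5 is group-read, character 8 is other-read.
    ls -ld -- "$node" | {
        read -r mode _links _owner group _rest
        case $mode in
            ???????r*) echo world-read ;;
            ????r*)    echo "group-read:$group" ;;
            *)         echo owner-only ;;
        esac
    }
}

# audit_mem_nodes PATH...
# Prints one line per node and returns 1 if any node is world-readable.
audit_mem_nodes() {
    rc=0
    for node in "$@"; do
        st=$(mem_node_status "$node")
        printf '%-12s %s\n' "$node" "$st"
        if [ "$st" = world-read ]; then
            rc=1
        fi
    done
    return $rc
}

# Audit the two classic memory devices on this host.
audit_mem_nodes /dev/kmem /dev/mem ||
    echo "WARNING: a kernel-memory node is readable by every local user"
```

A group-read result still deserves a look at which accounts and set-group-ID programs belong to that group.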