Kmem security (was: Re: How do you make your UNIX crash ???)
Stefan Tritscher
tritsche at Informatik.TU-Muenchen.DE
Thu Mar 21 03:12:21 AEST 1991
In article <9103152251.41 at rmkhome.UUCP> rmk at rmkhome.UUCP (Rick Kelly) writes:
|In article <1991Mar13.180300.17697 at convex.com> tchrist at convex.COM (Tom Christiansen) writes:
|>From the keyboard of cjc at ulysses.att.com (Chris Calabrese):
|>:Allowing any access to /dev/kmem is asking for trouble.
|>:It's possible to become root on a system which
|>:has a readable /dev/kmem without too much trouble.
|>
|>With just read access? How do you do that? I can understand
|>being able to read other people's data, but I really don't know
|>how you would use this to become the superuser. Reading su passwds?
|>This is much harder in raw mode.
|
|Think about it. Look at the UNIX tools you have available. Consider the fact
|that /dev/kmem is a file. When anyone logs in, even root, login has to decrypt
|the password in /etc/password to compare it to the password typed in. This
|password in memory lies around for a while. It is extremely easy to grab
|passwords out of kmem, and match them to ANY user, including root.
|
NO - NO - NO
Think about it. If login could decrypt a password then everyone could do that
too. Passwords cannot be decrypted. Login ENcrypts the password from the
user and compares it with the ENcrypted password in the password file.
|
|Rick Kelly rmk at rmkhome.UUCP frog!rmkhome!rmk rmk at frog.UUCP
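
The check described in the reply above, as an added example that is not part of the original post: the typed password is hashed with the stored salt and the two hashes are compared, and nothing is ever decrypted. PBKDF2-HMAC-SHA256 stands in here for crypt(3); the `salt$hash` field layout, the function names and the sample entries are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac

ITERATIONS = 100_000  # assumed work factor for the stand-in hash


def one_way_hash(password: str, salt: str) -> str:
    """Salted one-way hash (PBKDF2 stand-in for crypt(3)); no inverse exists."""
    raw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS)
    return base64.b64encode(raw).decode()


def make_entry(user: str, password: str, salt: str) -> str:
    """Build a passwd-style line; the second field is salt$hash (assumed layout)."""
    return f"{user}:{salt}${one_way_hash(password, salt)}:0:0::/:/bin/sh"


def stored_field(passwd_text: str, user: str):
    """Return the password field for user, or None if there is no such entry."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] == user:
            return fields[1]
    return None


def login_check(passwd_text: str, user: str, typed: str) -> bool:
    """Hash what was typed with the stored salt and compare the two hashes."""
    field = stored_field(passwd_text, user)
    if field is None or "$" not in field:
        one_way_hash(typed, "no-such-user")  # do the same work before rejecting
        return False
    salt, expected = field.split("$", 1)
    return hmac.compare_digest(one_way_hash(typed, salt), expected)


# Constructed sample file: names and passwords are invented for this example.
PASSWD = "\n".join([
    make_entry("root", "constructed-root-pw", "ab"),
    make_entry("rmk", "constructed-user-pw", "cd"),
    "locked:*:99:99::/:/bin/false",
])

if __name__ == "__main__":
    print(login_check(PASSWD, "root", "constructed-root-pw"))
    print(login_check(PASSWD, "root", "wrong-guess"))
```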