Can the output to a terminal be monitored?
Conor P. Cahill
cpcahil at virtech.uucp
Tue Jun 12 10:30:58 AEST 1990
In article <509 at al.ele.tue.nl> raymond at ele.tue.nl (Raymond Nijssen) writes:
>
> [ discussion of reading clists from /dev/kmem deleted ]
>
>These programs
>are used by crackers, and it's quite easy for them, since /dev/kmem is
>world readable on most unix systems, for this is necessary for commands
>like ps, which examines lots of kernel buffers also.
>
>CPU time, so I doubt whether it can be of use for monitoring an outgoing line.
>Nevertheless, it should still be considered as a security hole, and I
>wonder if it has been fixed in rel. 4.

It is not a bug in most versions of unix. The programs that need to access
/dev/kmem are usually set up to run as set-gid to the same group as the
/dev/kmem entry, thereby only requiring group read access on the device,
not general read access.

PS-> ps doesn't read many kernel "buffers". It reads the process table and,
if necessary, the u structure for each process. The rest of the information
it uses comes from disk files (either /etc/passwd & associated files or the
quick condensed version in /etc/ps_data). It may have to read some of
the paging/swapping stuff to get the user structure info for swapped out
processes.
--
Conor P. Cahill (703)430-9247 Virtual Technologies, Inc.,
uunet!virtech!cpcahil 46030 Manekin Plaza, Suite 160
Sterling, VA 22170
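
The arrangement described in the reply above (device readable by its group only, reader program set-gid to that same group), written as a check. This is an added example, not part of the original post; the names audit_kmem and Meta, the sample modes and group id 3 are constructed for illustration.

```python
import os
import stat
import sys
from collections import namedtuple

# Stand-in for os.stat_result so the check also runs on constructed data.
Meta = namedtuple("Meta", "st_mode st_gid")


def audit_kmem(dev, prog):
    """Findings for a kernel-memory device and one program that reads it."""
    findings = []
    if not stat.S_ISCHR(dev.st_mode):
        findings.append("device: not a character special file")
    if dev.st_mode & stat.S_IROTH:
        findings.append("device: world readable")
    if dev.st_mode & stat.S_IWOTH:
        findings.append("device: world writable")
    if not dev.st_mode & stat.S_IRGRP:
        findings.append("device: no group read, set-gid readers cannot open it")
    if not prog.st_mode & stat.S_ISGID:
        findings.append("program: not set-gid")
    elif prog.st_gid != dev.st_gid:
        findings.append("program: set-gid to a group other than the device's")
    if prog.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("program: writable by group or others")
    return findings


# Constructed sample metadata (group id 3 is arbitrary).
WORLD_READABLE = Meta(stat.S_IFCHR | 0o444, 3)  # setup the quoted text describes
GROUP_ONLY = Meta(stat.S_IFCHR | 0o440, 3)      # setup the reply describes
PLAIN_PS = Meta(stat.S_IFREG | 0o755, 0)
SETGID_PS = Meta(stat.S_IFREG | 0o2755, 3)

if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: audit.py <device path> <program path>
        dev, prog = (os.stat(p) for p in sys.argv[1:3])
    else:
        dev, prog = WORLD_READABLE, PLAIN_PS
    for line in audit_kmem(dev, prog) or ["ok: group-only device, matching set-gid reader"]:
        print(line)
```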