Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1994: /dev/{km,m}em worries

/dev/{km,m}em worries

ricktgnu.ai.mit.edu
Tue, 17 May 1994 10:49:05 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Casper Dik: "Re: permissions"
Previous message: Bruce Barnett: "Re: permissions"
Next in thread: H Morrow Long: "Re: /dev/{km,m}em worries"

Hi folks,

What exactly are the problems with having /dev/mem and /dev/kmem readable
by other? Is there any way in which our systems can be exploited by 
this? I recently noticed that one of our (two) servers had a
different perm on the abovementioned files. Cf:

	$ rsh janus ls -l /dev/{km,m}em
	crw-r-----  1 root       3,   1 Sep 20  1993 /dev/kmem
	crw-r-----  1 root       3,   0 Sep 20  1993 /dev/mem

	$ rsh isis ls -l /dev/{km,m}em
	crw-r--r--  1 root       3,   1 Sep  3  1992 /dev/kmem
	crw-r--r--  1 root       3,   0 Sep  3  1992 /dev/mem

For the record, isis is a sun4m (two processors) and janus is a sun4c,
both running SunOS 4.1.3. Is there anything I can be watchful of, to make
sure that we haven't been compromised? Can anyone provide me with
information on how to exploit a mismatched perm on mem/kmem (if any)?

/rmt
-- 
main(v,c)char**c;{for(v[c++]="Rick Tait <ricktgnu.ai.mit.edu>\n)";(!!c)[*c]
&&(v--||--c&&execlp(*c,*c,c[!!c]+!!c,!c));**c=!c)write(!!*c,*c,!!**c);}

Next message: Casper Dik: "Re: permissions"
Previous message: Bruce Barnett: "Re: permissions"
Next in thread: H Morrow Long: "Re: /dev/{km,m}em worries"