Re: /dev/{km,m}em worries

long-morrowcs.yale.edu

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Bruce Barnett: "Re: /dev/{km,m}em worries"
• Previous message: Casper Dik: "Re: permissions"
• Maybe in reply to: ricktgnu.ai.mit.edu: "/dev/{km,m}em worries"
• Next in thread: Bruce Barnett: "Re: /dev/{km,m}em worries"

Rick Tait <ricktgnu.ai.mit.edu> wrote:
>What exactly are the problems with having /dev/mem and /dev/kmem readable
>by other? Is there any way in which our systems can be exploited by 
>this? I recently noticed that one of our (two) servers had a
>different perm on the abovementioned files. Cf:

You (or someone else more malevolent) could read the address space of
processes looking for passwords stored in memory or other interesting
information (ie. a fishing expedition).

A more focused effort would be one of the legendary "clist peekers"
(programs to target for reading the data structures used by the Unix
terminal interfaces - ttys - called 'clists') so that the characters
being typed by users could be read as they were being entered.  Fun!

                   _  _    __  _                           __ 
                  (/_ /   (/ \/ \   _   __  __  ____ _ __ (/   _  __   _)
                  /  / .  /      )_(_)_/ (_/ (_(_) (_(_(  /___(_)_/ )_(_)
                 (       (                               (             _)

H. Morrow Long, Mgr of Dev., Yale Univ., Comp Sci Dept, 011 AKW, New Haven, CT
06520-8285,	VOICE:	(203)-432-{1248,1254}		FAX:	(203)-432-0593

• Next message: Bruce Barnett: "Re: /dev/{km,m}em worries"
• Previous message: Casper Dik: "Re: permissions"
• Maybe in reply to: ricktgnu.ai.mit.edu: "/dev/{km,m}em worries"
• Next in thread: Bruce Barnett: "Re: /dev/{km,m}em worries"