Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_1

Bugtraq archives for 1st quarter (Jan-Mar) 1995: /dev/kmem: Permission denied

/dev/kmem: Permission denied

der Mouse (mouseCollatz.McRCIM.McGill.EDU)
Tue, 31 Jan 1995 07:44:21 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Frederick M Avolio: "CFP: 5th USENIX UNIX Security Symposium"
Previous message: Davide Melchiorre: "Always about ATHENA Wide ...."
Next in thread: Chris Bulle: "/dev/kmem: Permission denied"

> When I run top or rsh into this or other machines, I get something
> like:

> top: cannot open /dev/kmem: Permission denied
> kvm_open: Permission denied

> I'm worried I've been screwed.  Permissions on /dev/kmem (Which
> points to /devices/pseudo/mm0:kmem) are:

> crw-r-----   1 root     sys       13,  1 Oct 25 11:33 mm0:kmem
> crw-r-----   1 root     sys       13,  0 Oct 25 11:33 mm0:mem

/dev/mem and /dev/kmem are normally group kmem, not group sys.  At
least on any system I've ever looked at, which I mercifully has not
included Solaris yet.

Check the permissions on (say) top; if it's setgid kmem, then kmem/mem
will have to be group kmem, or else world read, for it to work.  Check
your backups and see what group owned them there.

As for this being a cracker's muddy footprints, I suppose that's
possible.  If someone knew an easy way into group sys but not group
kmem, something like this might have been intended as a way of leaving
a hole open for later.  A stupid one, to be sure, because it alerted
you to the problem, but I'm sure Sturgeon's Law is true of crackers too.

					der Mouse

			    mousecollatz.mcrcim.mcgill.edu

Next message: Frederick M Avolio: "CFP: 5th USENIX UNIX Security Symposium"
Previous message: Davide Melchiorre: "Always about ATHENA Wide ...."
Next in thread: Chris Bulle: "/dev/kmem: Permission denied"