Bugtraq mailing list archives

/dev/{km,m}em worries

From: rickt () gnu ai mit edu (rickt () gnu ai mit edu)
Date: Tue, 17 May 1994 10:49:05 -0400 (EDT)


Hi folks,

What exactly are the problems with having /dev/mem and /dev/kmem readable
by other? Is there any way in which our systems can be exploited by 
this? I recently noticed that one of our (two) servers had a
different perm on the abovementioned files. Cf:

        $ rsh janus ls -l /dev/{km,m}em
        crw-r-----  1 root       3,   1 Sep 20  1993 /dev/kmem
        crw-r-----  1 root       3,   0 Sep 20  1993 /dev/mem

        $ rsh isis ls -l /dev/{km,m}em
        crw-r--r--  1 root       3,   1 Sep  3  1992 /dev/kmem
        crw-r--r--  1 root       3,   0 Sep  3  1992 /dev/mem

For the record, isis is a sun4m (two processors) and janus is a sun4c,
both running SunOS 4.1.3. Is there anything I can be watchful of, to make
sure that we haven't been compromised? Can anyone provide me with
information on how to exploit a mismatched perm on mem/kmem (if any)?

/rmt
-- 
main(v,c)char**c;{for(v[c++]="Rick Tait <rickt () gnu ai mit edu>\n)";(!!c)[*c]
&&(v--||--c&&execlp(*c,*c,c[!!c]+!!c,!c));**c=!c)write(!!*c,*c,!!**c);}

Current thread:

/dev/{km,m}em worries rickt () gnu ai mit edu (May 17)
- Re: /dev/{km,m}em worries Rob Quinn (May 17)
- <Possible follow-ups>
- Re: /dev/{km,m}em worries H Morrow Long (May 17)
- Re: /dev/{km,m}em worries Bruce Barnett (May 17)
- Re: /dev/{km,m}em worries der Mouse (May 17)
- Re: /dev/{km,m}em worries Jim Thompson (May 17)
  - Re: /dev/{km,m}em worries (now crash ) Chris Phillips (May 18)
- Re: /dev/{km,m}em worries Pete Hartman (May 17)
  - Re: /dev/{km,m}em worries Bill Bogstad (May 17)
- Re: /dev/{km,m}em worries Jim Thompson (May 17)
- Re: /dev/{km,m}em worries der Mouse (May 17)