Kmem security (was: Re: How do you make your UNIX crash ???)

John Chambers jc at minya.UUCP
Wed Apr 3 12:19:52 AEST 1991


In article <1991Mar24.203327.18426 at ttank.ttank.com>, tts at ttank.ttank.com (Karl Bunch) writes:
> In <601 at minya.UUCP> jc at minya.UUCP (John Chambers) writes:
> >There have been some claims that getting passwords from the kernel is
> >"easy".  I'd like to see an example of how easy it is.  It strikes me
> >as being not very easy at all.  Well, sure, I can read all of kmem into..
> 
> Try this.. Login as root:
> 
> time strings /dev/kmem | grep rootpassword | wc -l
> 
> You'll be surprised.  

I tried it; I wasn't at all surprised.  It gave me no output at all.
What was it supposed to do?  This is a Sys/V.3 system.  I tried it
on some BSD and Ultrix and Sun systems at work, and got nothing from
any of them, either.  I also tried just the "strings /dev/kmem"; it 
gave me a few strings, but nothing that was even vaguely recognizable 
as a password.  I didn't see the root password anywhere, although I'd 
just done a "su - root".

I also decided to try "strings /dev/mem".  This time I was surprised.
The system hung, and had to be rebooted.  Such a pity, too; this system
was heading for some sort of record, since the last boot was some time
late in November.  Who ever heard of a Unix system (especially one owned
by a notorious Unix hacker ;-) surviving so long?  Anyone know why feeding
/dev/mem to strings should crash a system?  This seems rather demented
to me.  But it does get us back to the original topic.

> Safer would be:
> strings /dev/kmem | tr ' ' '^J' | sort -u | more
> and do a /rootpassword

OK; that didn't crash the system; I just got a few random-looking strings,
followed by:
	/rootpassword: Command not found.
What was it supposed to do?  Maybe I'm not a real Unix hacker, after
all; I haven't even heard of a "rootpassword" command.  Am I missing
something good?  I also looked around on some of the BSD and Ultrix
systems at work, and there was nothing called "rootpassword" anywhere
in any of their filesystems.

It seems I'm missing something somewhere.  Nothing here has turned up
even a single password, root or otherwise.  And it was supposed to be
so easy...

-- 
All opinions Copyright (c) 1991 by John Chambers.  Inquire for licensing at:
Home: 1-617-484-6393 
Work: 1-508-486-5475
Uucp: ...!{bu.edu,harvard.edu,ima.com,eddie.mit.edu,ora.com}!minya!jc 


