Does Ultrix 4.0 finally have a secure /dev/*mem ?

Wed Aug 1 12:50:28 AEST 1990

Written by idallen at watcgl.waterloo.edu in news:comp.unix.ultrix
---------- "Does Ultrix 4.0 finally have a secure /dev/*mem ?" ----------
> Is memory still world-readable under Ultrix 4.0?

As others have pointed out, Ultrix 4.0 does not have world-readable
/dev/{*mem,drum}, but is group-owned and group-readable by kmem with
appropriate programs setgid kmem.

We achieved the same situation without problem for Ultrix 3.0 by making
these system programs setgid kmem:

######## Mon May  7 17:28:33 EST 1990 ######## kinzler
From: Stephen Kinzler <kinzler>
Subject: Made iuvax memory devices unreadable
Extensively searched the system (iuvax) for files accessing
/dev/{mem,kmem,drum} by doing a grep on the strings of system
executables.  I think I caught everything, but it's possible there are
some uninstalled and non-system applications or executables tucked away
in weird places that I missed.

Of the files found ...

These files were already setgid kmem:
/usr/bin/X11/xload		/usr/local/etc/ofiles
/usr/local/bin/top		/usr/local/lib/emacs/etc/loadst
/usr/local/etc/fstat

These files were made setgid kmem:
/bin/ps			/usr/local/adm/bin/gdf	/usr/new/mh/msh
/usr/bin/X11/xdm	/usr/local/bin/kuser	/usr/new/mh/packf
/usr/bin/X11R3/xperfmon	/usr/local/etc/batchd	/usr/new/mh/repl
/usr/bin/iostat		/usr/local/etc/tickadj	/usr/new/mh/send
/usr/bin/ipcs		/usr/local/etc/xntpd	/usr/new/mh/whatnow
/usr/etc/arp		/usr/new/dbid		/usr/ucb/dbx
/usr/etc/nfsstat	/usr/new/lib/mh/rcvpack	/usr/ucb/gcore
/usr/etc/pstat		/usr/new/lib/mh/slocal	/usr/ucb/gprof
/usr/etc/route		/usr/new/mh/anno	/usr/ucb/netstat
/usr/etc/rwhod		/usr/new/mh/comp	/usr/ucb/sysline
/usr/etc/savecore	/usr/new/mh/dist	/usr/ucb/uptime
/usr/etc/trpt		/usr/new/mh/forw	/usr/ucb/vmstat
/usr/games/rogue	/usr/new/mh/inc

These files were also made setgid kmem, even though they're setuid root
since they evidently don't use their root priviledges when accessing
the devices:
/usr/bin/mail		/usr/lib/sendmail	/usr/local/lib/sendmail

These files were left alone since they should only be run by a superuser
anyway:
/opr/is_vaxstar		     /usr/field/memx	
/usr/adm/bin/sizer	     /usr/field/shmx
/usr/etc/sizer

This file was left alone since it was already setuid root, setgid uucp:
/usr/local/lib/uucp/acucntrl

After all this, I think we can safely take world-read permissions off of
the memory devices and greatly improve the machine's security, so:
	chgrp kmem /dev/{kmem,mem,drum}
	chmod o-r /dev/{kmem,mem,drum}

from the brain of Steve Kinzler    /o)\    kinzler at iuvax.cs.indiana.edu
an organ with a mind of its own    \(o/    {ames,rutgers}!iuvax!kinzler