drears@ardec.arpa (Dennis G. Rears (FSAC)) (11/09/88)
Dennis L. Mumaugh writes:
->In fact, when Mark Kampe came to the site to install some goodies
->we used this marvelous program to watch his terminal session on
->other tubes. It was better than a script program.
->
->Of course, the program to do this is classified, but the fact it
->can be done isn't.
->
Is it really classified? If so, is it Confidential, Secret, or
Top Secret? Who was the classification authority? I hope it's not
classified. I have a program that does it right on my VAX. Somebody
gave me a copy a couple of years ago. A program like that is not too
difficult to write.
Dennis
--------------------------------------------------------------------------
Dennis G. Rears: Computer Scientist
ARPA: drears@ardec-ac4.arpa UUCP: ...!uunet!ardec-ac4.arpa!drears
AT&T: 201-724-6639 USPS: Box 210, Wharton, NJ 07885
Work: SMCAR-FSS-E, Bldg 94, Picatinny Ars, NJ 07806
--------------------------------------------------------------------------
P.S. I am sending this to the list because I can't reach Dennis by
email.
jfh@rpp386.Dallas.TX.US (John F. Haugh II) (11/09/88)
In some long lost article, someone wrote:
>->In fact, when Mark Kampe came to the site to install some goodies
>->we used this marvelous program to watch his terminal session on
>->other tubes. It was better than a script program.

This can be very dangerous. Letting one of those run on a terminal
root or some other privileged user is likely to use could have nasty
results.

/dev/kmem should never be readable by regular users. ps and other
kernel pokers should run S(U|G)ID the owner of the device.
--
John F. Haugh II                        +----Make believe quote of the week----
VoiceNet: (214) 250-3311   Data: -6272  | Nancy Reagan on Artificial Trish:
InterNet: jfh@rpp386.Dallas.TX.US       |     "Just say `No, Honey'"
UucpNet : <backbone>!killer!rpp386!jfh  +--------------------------------------
mjh@uunet.uu.net (Mark J. Hewitt) (11/12/88)
> ...reading clists...
In the good old days, we achieved this by adding a little code to the
tty interrupt routine - when it placed a character on the output queue,
it looked to see if there was a second tty to receive the character
(from a kernel variable poked by a runnable by root only program called
`spy'!), and stuffed it on that queue too. This was on UNIX Ed. 6.
Later versions are a little harder because the queue is written in one
of several places (multiplexer files, line disciplines, probably
streams, etc...), but I did the same thing on a 4.2bsd system despite
this.
Mark J. Hewitt
usenet: ...!{mcvax,uunet}!ukc!kernel!mjh JANET: mjh@uk.co.kernel
voice: (+44) 532 444566 other: mjh@kernel.co.uk
fax: (+44) 532 425456 old style: mjh%uk.co.kernel@uk.ac.ukc
paper: Kernel Technology Ltd, Development Centre, 46 The Calls, Leeds,
LS2 7EY, West Yorkshire, UK
jc@minya.UUCP (John Chambers) (11/14/88)
> /dev/kmem should never be readable by regular users. ps and other
> kernel pokers should run S(U|G)ID the owner of the device.

No, /dev/kmem should have 640 permissions, and programs like ps and arp
(which need only read access) should be setgid but NOT setuid. Making
them setuid is inviting hackers (like rtm and jc@minya and others ;-) to
look for interesting ways to take advantage of their write access.
--
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)
[Any errors in the above are due to failures in the logic of the keyboard,
not in the fingers that did the typing.]
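
The layout argued for in the post above (mode 640 on /dev/kmem, reader programs setgid and not setuid), as an added example that is not part of the original thread: a small Python audit over stat data. The uid/gid numbers, sample modes and the names Meta, audit and audit_paths are constructed for illustration.

```python
import os
import stat
from collections import namedtuple

# Stand-in for os.stat_result so the checks also run on constructed data.
Meta = namedtuple("Meta", "st_mode st_uid st_gid")

def audit(dev, prog):
    """Compare a memory device and a reader program with the 640 + setgid layout.

    dev and prog are os.stat_result-like objects. Returns a list of
    findings; an empty list means the layout matches.
    """
    findings = []
    dev_perms = stat.S_IMODE(dev.st_mode)
    if dev_perms & stat.S_IROTH:
        findings.append("device readable by all users")
    if dev_perms & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("device writable outside its owner")
    # Setuid to the device owner hands the program the owner's write bit.
    if ((prog.st_mode & stat.S_ISUID) and prog.st_uid == dev.st_uid
            and (dev_perms & stat.S_IWUSR)):
        findings.append("program is setuid to device owner (gains write access)")
    # Setgid to the device's group is the read-only route under mode 640.
    setgid_ok = ((prog.st_mode & stat.S_ISGID) and prog.st_gid == dev.st_gid
                 and (dev_perms & stat.S_IRGRP))
    if not setgid_ok:
        findings.append("program is not setgid to a group that can read the device")
    return findings

def audit_paths(dev_path, prog_path):
    """Run the same checks against real files on the local system."""
    return audit(os.stat(dev_path), os.stat(prog_path))

# Constructed samples: uid 0 is the owner, gid 2 is an assumed 'kmem' group.
GOOD_DEV = Meta(stat.S_IFCHR | 0o640, 0, 2)
OPEN_DEV = Meta(stat.S_IFCHR | 0o644, 0, 2)
SETGID_PS = Meta(stat.S_IFREG | 0o2755, 0, 2)
SETUID_PS = Meta(stat.S_IFREG | 0o4755, 0, 0)

if __name__ == "__main__":
    for label, dev, prog in [("640 + setgid", GOOD_DEV, SETGID_PS),
                             ("640 + setuid", GOOD_DEV, SETUID_PS),
                             ("644 + setgid", OPEN_DEV, SETGID_PS)]:
        print(label, "->", audit(dev, prog) or "ok")
```
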
caag@inf.rl.ac.uk (Crispin Goswell) (12/16/88)
In article <8532@rpp386.Dallas.TX.US> jfh@rpp386.Dallas.TX.US (John F. Haugh II) writes:
>
>This can be very dangerous. Letting one of those run on a terminal
>root or some other privileged user is likely to use could have nasty
>results.
>
>/dev/kmem should never be readable by regular users. ps and other
>kernel pokers should run S(U|G)ID the owner of the device.

There is another reason: some machines have memory mapped devices, which
can be disturbed even by reading their device registers. Thus system
integrity can be affected, as well as security.
--
Name:   Crispin Goswell                    |-------|__   Informatics Department
Usenet: {... | mcvax}!ukc!rlinf!caag       |  Tea  |  |  Rutherford Appleton Lab
JANET:  caag@uk.ac.rl.inf                  \  Mug  /_/   Chilton, Didcot
ARPA:   caag%inf.rl.ac.uk@nss.cs.ucl.ac.uk  \_____/      Oxon OX11 0QX, UK
"The signatures flew everywhere and roosted in the trees." - Peter Blegvad