tjt@kobold.UUCP (T.J.Teixeira) (11/25/83)
I don't see any substantial difference between posting a program to read device queues to the network and including a paper on cracking passwords in the system documentation (Robert Morris, Ken Thompson, "Password Security: A Case History" in Volume 2B of the Seventh Edition UNIX Programmer's Manual).

Perry's style of presentation is certainly flamboyant, to say the least. If you filter out this flamboyancy, his article simply states: An accessible kmem is non-secure. If you wanted to pretend your system has "security through obscurity", you will now have to take positive steps to fix your system. You should have done this a year ago the last time a crack program was posted.

AT&T systems are configured this way (non-readable /dev/kmem) by default, at least in System III and System V. I haven't looked closely at our 4.2BSD tape, but if /dev/kmem and /dev/mem are readable on the 4.2BSD distribution tape, Perry is right: this should be fixed.

Perry also seems to be right in that it requires something as sensationalistic as posting a cracking program to cause administrators to change their systems and to get Berkeley to change their distribution.

A list of programs which need to be changed can be found in the article <13795@sri-arpa.UUCP> from Jay Lepreau <lepreau@utah-cs>.

--
Tom Teixeira, Massachusetts Computer Corporation. Westford MA
...!{ihnp4,harpo,decvax,ucbcad,tektronix}!masscomp!tjt (617) 692-6200
msc@qubix.UUCP (Mark Callow) (11/26/83)
I think chuqui's flame at Perry for distributing the "system cracking" program was a little severe since Berkeley had already done it for him (at least on 4.1c and 4.2) in the form of adb which, together with a readable /dev/mem (that's right mem not kmem) allows you to watch passwords being typed.

I suppose we'll all have to make our /dev/mem's and /dev/kmem's unreadable by mere mortals and make all the programs that need to read them (w, ps, routed, ... ???) run suid root.

--
Mark Callow, Saratoga, CA.
...{decvax,ucbvax,ihnp4}!decwrl!
...{ittvax,amd70}!qubix!msc
decwrl!qubix!msc@Berkeley.ARPA
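[Added example, not part of any post in this thread.] A check for the configuration the posts above argue about: it flags memory device nodes that every user can read and lists which of the programs that read them carry set-id bits. The function names and the program paths /bin/ps and /usr/bin/w are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Paths below are assumptions.

# Print the 10-character ls(1) mode string for PATH, e.g. "crw-r-----".
mode_string() {
    ls -ldL -- "$1" 2>/dev/null | cut -c1-10
}

# True if "other" has read permission (8th character of the mode string).
world_readable() {
    [ "$(mode_string "$1" | cut -c8)" = "r" ]
}

# True if the set-uid (4th character) or set-gid (7th) bit is set.
set_id() {
    case "$(mode_string "$1")" in
        ???[sS]*|??????[sS]*) return 0 ;;
    esac
    return 1
}

# audit_mem NODE... -- PROGRAM...
# Flags world-readable nodes; lists which reader programs carry set-id bits.
# Leaves the number of world-readable nodes in AUDIT_FINDINGS.
audit_mem() {
    AUDIT_FINDINGS=0
    kind=node
    for p in "$@"; do
        if [ "$p" = "--" ]; then kind=prog; continue; fi
        if [ ! -e "$p" ]; then echo "absent   $p"; continue; fi
        m=$(mode_string "$p")
        if [ "$kind" = node ]; then
            if world_readable "$p"; then
                echo "FINDING  $m $p (readable by every user)"
                AUDIT_FINDINGS=$((AUDIT_FINDINGS + 1))
            else
                echo "ok       $m $p"
            fi
        elif set_id "$p"; then
            echo "set-id   $m $p (privileged reader, keep it minimal)"
        else
            echo "plain    $m $p"
        fi
    done
    [ "$AUDIT_FINDINGS" -eq 0 ]
}

audit_mem /dev/mem /dev/kmem -- /bin/ps /usr/bin/w || true
```

The function returns non-zero when any listed node is world-readable, so it can gate a configuration check.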
smk@linus.UUCP (Steven M. Kramer) (11/26/83)
I've been on the net for a bit and saw the 1st pass on the kmem breakers. So, I should have fixed the modes (which I did).

BUT -----------

What about newcomers? If the site gets the code on the weekend and a user reads it before the fix is in, TROUBLE! The user can quaff the manager's password even as he logs in to fix it. Also, what about the sites not on the net that want some kind of security but haven't thought of the kmem problem thru no fault of their own?

I think it's time we stop posting programs that will cause trouble for the rest of us. How would you like someone to post a program that breaks everything in UNIX and the users get to it before the fix is made by you? If you don't manage a system, it doesn't matter, right? Well, if you DO, it's the #1 hassle.

--
--steve kramer
{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk (UUCP)
linus!smk@mitre-bedford (MIL)