[net.unix-wizards] A Program To Allow ANYONE...

tjt@kobold.UUCP (T.J.Teixeira) (11/25/83)

I don't see any substantial difference between posting a program to
read device queues to the network and including a paper on cracking
passwords in the system documentation (Robert Morris, Ken Thompson,
"Password Security: A Case History" in Volume 2B of the Seventh Edition
UNIX Programmer's Manual).

Perry's style of presentation is certainly flamboyant, to say the
least.  If you filter out this flamboyancy, his article simply states:

		   An accessible kmem is non-secure.

If you wanted to pretend your system has "security through obscurity",
you will now have to take positive steps to fix your system.  You
should have done this a year ago the last time a crack program was
posted.  AT&T systems are configured this way (non-readable /dev/kmem)
by default, at least in System III and System V.  I haven't looked
closely at our 4.2BSD tape, but if /dev/kmem and /dev/mem are readable
on the 4.2BSD distribution tape, Perry is right: this should be fixed.

Perry also seems to be right in that it requires something as
sensationalistic as posting a cracking program to cause administrators
to change their systems and to get Berkeley to change their
distribution.

A list of programs which need to be changed can be found in the article
<13795@sri-arpa.UUCP> from Jay Lepreau <lepreau@utah-cs>.
-- 
	Tom Teixeira,  Massachusetts Computer Corporation.  Westford MA
	...!{ihnp4,harpo,decvax,ucbcad,tektronix}!masscomp!tjt   (617) 692-6200

msc@qubix.UUCP (Mark Callow) (11/26/83)

I think chuqui's flame at Perry for distributing the "system cracking"
program was a little severe since Berkeley had already done it for him
(at least on 4.1c and 4.2) in the form of adb which, together with a
readable /dev/mem (that's right mem not kmem) allows you to watch passwords
being typed.

I suppose we'll all have to make our /dev/mem's and /dev/kmem's unreadable
by mere mortals and make all the programs that need to read them (w, ps,
routed, ... ???) run suid root.
-- 
	Mark Callow, Saratoga, CA.
	...{decvax,ucbvax,ihnp4}!decwrl!
		      ...{ittvax,amd70}!qubix!msc
	decwrl!qubix!msc@Berkeley.ARPA
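
Added example, not part of any post in this thread: a small POSIX sh audit that reports whether the memory devices named above (/dev/mem and /dev/kmem) are readable by "other" or only by a group or the owner. The function names and the remediation message are assumptions made for illustration.

```shell
#!/bin/sh
# Audit memory device nodes for the permissions discussed in the thread.
# Parses the portable `ls -l` mode string rather than relying on stat(1),
# whose flags differ between systems.

# mode_string PATH -> prints the 10-character mode string, e.g. crw-r-----
mode_string() {
    ls -ldn -- "$1" 2>/dev/null | cut -c1-10
}

# classify PATH -> missing | world-readable | group-readable | owner-only
classify() {
    m=$(mode_string "$1")
    [ -n "$m" ] || { echo missing; return; }
    other_r=$(printf '%s' "$m" | cut -c8)   # read bit for "other"
    group_r=$(printf '%s' "$m" | cut -c5)   # read bit for the group
    if [ "$other_r" = r ]; then
        echo world-readable
    elif [ "$group_r" = r ]; then
        echo group-readable
    else
        echo owner-only
    fi
}

# audit PATH... -> one report line per path; returns 1 if any is world-readable
audit() {
    rc=0
    for p in "$@"; do
        c=$(classify "$p")
        printf '%-12s %-15s %s\n' "$p" "$c" "$(mode_string "$p")"
        if [ "$c" = world-readable ]; then rc=1; fi
    done
    return $rc
}

# The two devices named in the thread.
audit /dev/mem /dev/kmem || echo "FIX: remove read permission for other (chmod o-r) on the devices flagged above"
```

A device reported as group-readable is exposed to every member of that group and to any program that runs set-group-ID to it, so the group membership is worth reviewing as well.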

smk@linus.UUCP (Steven M. Kramer) (11/26/83)

I've been on the net for a bit and saw the 1st pass on the kmem breakers.
So, I should have fixed the modes (which I did).  BUT -----------
What about newcomers?  If the site gets the code on the weekend and a
user reads it before the fix is in, TROUBLE!  The user can quaff the
manager's password even as he logs in to fix it.  Also, what about the
sites not on the net that want some kind of security but haven't thought
of the kmem problem thru no fault of their own?

I think it's time we stop posting programs that will cause trouble
for the rest of us.  How would you like someone to post a program that
breaks everything in UNIX and the users get to it before the fix is made
by you?  If you don't manage a system, it doesn't matter, right?  Well,
if you DO, it's the #1 hassle.
-- 
	--steve kramer
	{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk	(UUCP)
	linus!smk@mitre-bedford						(MIL)