news@zgdvda.UUCP (USENET News System) (04/12/89)
On Ultrix-32 3.0, unlike login(1) or su(1), dxsession(1) has a long life and keeps a user's plain-text password in its stack area. Unfortunately, the password will not be destroyed after authentication, even after the user has logged out. Since the /dev/mem file is readable by everybody on Ultrix (sigh!), the password could be got by scanning the /dev/mem file for some specific string patterns. I don't know if DECwindows on VMS has the same problem. However, by looking up the source code (with patch[1-9]) of X11R3 from MIT, it seems that xdm(1) has a similar problem.

Ning Zhang <zhang@zgdvda.uucp>
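
The retention problem described in the post above, shown next to its fix, as an added example that is not part of the original post and is not dxsession or xdm source: a long-lived process should wipe its plaintext copy as soon as verification returns. The `session` struct, all function names, the stand-in verifier and the sample credential are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#define PW_MAX 64

/* Hypothetical state of a long-lived session manager (names are assumptions). */
struct session {
    char password[PW_MAX];  /* plaintext, needed only while verifying */
};

/* Zero through a volatile pointer so the compiler cannot drop the stores. */
static void secure_wipe(volatile unsigned char *p, size_t n) {
    while (n--) *p++ = 0;
}

/* Stand-in verifier with a constructed credential; real code checks a hash. */
static int verify(const char *pw) {
    return strcmp(pw, "constructed-sample-pw") == 0;
}

static void take_password(struct session *s, const char *pw) {
    strncpy(s->password, pw, PW_MAX - 1);
    s->password[PW_MAX - 1] = '\0';
}

/* Pattern the post describes: the copy outlives authentication. */
int login_leaky(struct session *s, const char *pw) {
    take_password(s, pw);
    return verify(s->password);
}

/* Hardened: the copy is wiped on success and on failure before returning. */
int login_wiped(struct session *s, const char *pw) {
    take_password(s, pw);
    int ok = verify(s->password);
    secure_wipe((unsigned char *)s->password, sizeof s->password);
    return ok;
}

/* Self-check: 1 if no non-zero byte is left in the region. */
int region_is_clear(const void *p, size_t n) {
    const unsigned char *b = p;
    while (n--) if (*b++) return 0;
    return 1;
}

int main(void) {
    struct session s = {{0}};
    login_wiped(&s, "constructed-sample-pw");
    return !region_is_clear(s.password, sizeof s.password);
}
```

The wipe covers only the session's own copy; the buffer the caller read the password into needs the same treatment.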