Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)

From: Gene Spafford (spafat_private)
Date: Sat Jul 11 1998 - 17:18:17 PDT

Next message: James Bonfield: "Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)"

Previous message: Aleph One: "Seattle Lab fixes security issue in SLmail"
Maybe in reply to: Jericho Nunn: "Regarding Mudge's OBP/FORTH root hack (PHRACK53)"
Next in thread: James Bonfield: "Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Well, not to detract from Mudge's reputation, but there were several
exploits published in 90-92 dealing with dropping into the console
monitor/debugger on Suns and poking at various things in memory.  This
is hardly new.

This is also how you can steal Kerberos tickets and passwords, PGP
keys, and other assorted goodies if you have physical access to a
machine someone is using remotely.

And this isn't new to anyone who ever poked around in memory on an old
PDP machine, or an old DG or Prime box, or....

I'll let you draw your own conclusions from this story.   I will note
that there is a reason Sun monitors have those security settings, and
why the documentation suggests setting them.

--spaf

Next message: James Bonfield: "Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)"
Previous message: Aleph One: "Seattle Lab fixes security issue in SLmail"
Maybe in reply to: Jericho Nunn: "Regarding Mudge's OBP/FORTH root hack (PHRACK53)"
Next in thread: James Bonfield: "Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:03:26 PDT