# Jericho Nunn wrote:
#
# > Aside from the fact that it left me quite flabbergasted for quite
# >some time, mudge's OBP memory manipulation for aquiring root priviledges
# >poses a serious risk for environments where SUN workstation consoles are
# >easily accesible to unpriviledged individuals, such as university labs.
#
# This has been known for a long time. Indeed some 7 years ago whilst I
# was at univeristy, and in my more "cat and mouse" gaming moods, I used
# this trick and a prom password was promptly added.
Given that we are on the subject of open boot prom passwords. Because of
a disagreement with the person that managed the pool of Sparc stations
we ran Amoeba on (he didn't want to give me the prom password but I was
allowed to boot my own kernels), my own kernels contained the following
piece of code:
#ifndef NDEBUG
/*
* Print the prom password so I know what it is when debugging a kernel
*/
void
print_password(void)
{
char cmd[OBP_CMDLEN], pwd[8];
int i, pwdlen;
preprom();
if (obp->op_interpret) {
(void) sprintf(cmd,
"security-password %x swap dup %x ! move", pwd, &pwdlen);
obp->op_interpret(cmd);
if (pwdlen > 0) {
printf("OBP Password = '");
for (i = 0; i < pwdlen; i++)
printf("%c", pwd[i]);
printf("'\n");
}
}
postprom();
}
#endif /* NDEBUG */
Yes, the prom password is unencrypted. "security-password dump" will
show the plaintext version.
Leendert
--
Leendert van Doorn <leendertat_private>
IBM T.J. Watson Research Center (914) 784-7831
30 Saw Mill River Road, Hawthorne, NY 10532
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:04:09 PDT