# Jericho Nunn wrote: # # > Aside from the fact that it left me quite flabbergasted for quite # >some time, mudge's OBP memory manipulation for aquiring root priviledges # >poses a serious risk for environments where SUN workstation consoles are # >easily accesible to unpriviledged individuals, such as university labs. # # This has been known for a long time. Indeed some 7 years ago whilst I # was at univeristy, and in my more "cat and mouse" gaming moods, I used # this trick and a prom password was promptly added. Given that we are on the subject of open boot prom passwords. Because of a disagreement with the person that managed the pool of Sparc stations we ran Amoeba on (he didn't want to give me the prom password but I was allowed to boot my own kernels), my own kernels contained the following piece of code: #ifndef NDEBUG /* * Print the prom password so I know what it is when debugging a kernel */ void print_password(void) { char cmd[OBP_CMDLEN], pwd[8]; int i, pwdlen; preprom(); if (obp->op_interpret) { (void) sprintf(cmd, "security-password %x swap dup %x ! move", pwd, &pwdlen); obp->op_interpret(cmd); if (pwdlen > 0) { printf("OBP Password = '"); for (i = 0; i < pwdlen; i++) printf("%c", pwd[i]); printf("'\n"); } } postprom(); } #endif /* NDEBUG */ Yes, the prom password is unencrypted. "security-password dump" will show the plaintext version. Leendert -- Leendert van Doorn <leendertat_private> IBM T.J. Watson Research Center (914) 784-7831 30 Saw Mill River Road, Hawthorne, NY 10532
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:04:09 PDT