Group kmem exploitable?

From: Oliver Xymoron (oxymoronat_private)
Date: Tue Feb 23 1999 - 11:37:32 PST


With all the back and forth about whether kmem is writable or not, I think
it might be worth pointing out that with read access to /dev/mem and
/dev/kmem, it's certainly possible to snoop passwords. Though technically
challenging, there's no reason you can't parse the process tables,
etc. to figure out the exact location of the buffer being used to store a
password as it's being typed. Despite being an asynchronous procedure and
basically being a huge race, people type their passwords pretty slowly.
Finding whether a process has libpam mapped and whether or not it's
currently in the password entry procedure, etc. doesn't take too long.

Convincing root he needs to type his password is a comparatively small
exercise in social engineering.
--
 "Love the dolphins," she advised him. "Write by W.A.S.T.E.."
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:37:26 PDT