Re: strings /dev/mem > out

On Sun, Jan 20, 2002 at 06:25:38PM +0530, Mohit Kalra wrote:
> >But anyway, it really doesn't matter. With the right permissions only
> >root has access to /dev/mem so nobody can get the plain text password.
> >If somebody already got root on the machine, you already *have* a
> >problem cause (s)he shouldn't have got root anyway.
> 
> What I had in mind was that one can exploit a buffer overflow and read
> /dev/mem.  Even though when the buffer overflow is patched, you still have
> a legitimate backdoor.  No SUID, trojans or lkms needed to re-enter as
> root.  Or maybe add a new user like "httpbackup" and change the group of
> the user as kmem so that he knows the root password all the way.
> But I guess bzero'ing the buffers is what needs to be done ... n
> something I would like to take care of in the future in my code.

If a system is compromised, one of the things to do is to recompile and
reinstall the kernel from scratch. It's just part of the system audit
you have to do anyway.


Erik

-- 
J.A.K. (Erik) Mouw, Information and Communication Theory Group, Faculty
of Information Technology and Systems, Delft University of Technology,
PO BOX 5031, 2600 GA Delft, The Netherlands  Phone: +31-15-2783635
Fax: +31-15-2781843  Email: J.A.K.Mouw@its.tudelft.nl
WWW: http://www-ict.its.tudelft.nl/~erik/
--
Kernelnewbies: Help each other learn about the Linux kernel.
Archive:       http://mail.nl.linux.org/kernelnewbies/
IRC Channel:   irc.openprojects.net / #kernelnewbies
Web Page:      http://www.kernelnewbies.org/
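
The buffer zeroing mentioned in the quoted text, as an added example that is not part of the original thread: a plain memset()/bzero() on a buffer that is never read again can be removed by an optimizing compiler, so the wipe below goes through a volatile pointer and runs on every return path. The names secure_wipe, is_wiped and check_and_wipe are hypothetical, the sample password is constructed, and the code only covers the program's own user-space copy of the secret.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Zero a buffer through a volatile pointer so the stores cannot be dropped
 * as dead code, which may happen to a plain memset()/bzero(). */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Return 1 if all len bytes are zero (used to verify the wipe). */
static int is_wiped(const void *buf, size_t len)
{
    const unsigned char *p = (const unsigned char *)buf;
    for (size_t i = 0; i < len; i++)
        if (p[i] != 0)
            return 0;
    return 1;
}

/* Hypothetical helper: compare the password in pw_buf (capacity cap) with
 * expected, then wipe the whole buffer on every return path.
 * Returns 1 on match, 0 on mismatch, -1 if pw_buf has no NUL terminator. */
static int check_and_wipe(char *pw_buf, size_t cap, const char *expected)
{
    int result = -1;
    size_t n = 0, elen = strlen(expected);
    while (n < cap && pw_buf[n] != '\0')
        n++;
    if (n < cap) {
        unsigned char diff = (unsigned char)(n != elen);
        for (size_t i = 0; i < n && i < elen; i++)  /* no early exit */
            diff |= (unsigned char)(pw_buf[i] ^ expected[i]);
        result = (diff == 0);
    }
    secure_wipe(pw_buf, cap);  /* full capacity, not just strlen() */
    return result;
}

int main(void)
{
    char pw[32] = "constructed-sample-pw";  /* constructed sample input */
    int ok = check_and_wipe(pw, sizeof pw, "constructed-sample-pw");
    printf("match=%d wiped=%d\n", ok, is_wiped(pw, sizeof pw));
    return 0;
}
```

Where the C library provides explicit_bzero() or memset_s(), either can replace secure_wipe().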

