On Tue, Mar 22, 2005 at 03:29:10PM +1100, [EMAIL PROTECTED] wrote: > On my Debian systems, I see: > > [EMAIL PROTECTED]:~$ ls -l /dev | grep mem > crw-r----- 1 root kmem 1, 2 Nov 13 2002 kmem > crw-r----- 1 root kmem 1, 1 Nov 13 2002 mem > crw-r----- 1 root kmem 1, 4 Nov 13 2002 port > > with read access only. Does that still give you root, or did you (also) > mean that for other systems, where kmem has write access?
Read-only access to kernel memory should be sufficient to obtain passwords, including the root password or the password of a root-equivalent user. > NFS-mounted (user) files, mounted writable on several machines; attacker > gets root on one machine, creates setgid-staff binary, gets root on all. > Is not that realistic? Attacker gets root on one machine, creates setuid root binary, gets root on all. > Should not administrators be warned that giving staff privilege is > equivalent to root? Are not they being misled into thinking that staff is > somehow less dangerous? I have already said that I support the removal of these privileges from the staff group; we do not disagree on this point. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
