Re: Breaking in from the monitor at the console

George Hodson (george@siltrain.demon.co.uk)
Tue, 31 May 94 07:58:57 BST

As you say, this really works. Does anyone have the figures for Solaris 2.3?
Presumably it's just the offset into the cred structure that will be different?

Seeya
George

PS: watch out using "#eeprom secure=full"; if you lose the password you can
have a lot of fun trying to recover! (You need a password to even boot!)
Mind you, Sun will happily supply you with a new motherboard (who carries
NVRAMs?).

> Reply-To: an100188@anon.penet.fi
> Date: Fri, 27 May 1994 15:34:36 UTC
> Subject: Breaking in from the monitor at the console
> Sender: bugtraq-owner@crimelab.com
> 
> Breaking into a machine, typically a workstation, by using the monitor
> at the console to poke values into memory has always been possible.  I
> didn't realize how simple and unobtrusive it was before I saw this
> script.  This one is for Suns, but the principle applies to any
> machine with a console monitor.  On Sun4s there is some sort of
> "secure mode" that I presume lets you disable the monitor.  It is
> possible to change the L1-A sequence to another pair of keys, but if
> you own /dev/console you can change it back.  This obscurity may or
> may not be useful.
> 
> This particular attack needs a way to run the script on the machine,
> typically in a shell.  I presume there are other spots where you could
> tickle a machine that don't even require that.  Physically secure
> consoles prevent this attack.
> 
> Sigh.
>