/dev/kmem: Permission denied

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Frederick M Avolio: "CFP: 5th USENIX UNIX Security Symposium"
• Previous message: Davide Melchiorre: "Always about ATHENA Wide ...."
• Next in thread: Chris Bulle: "/dev/kmem: Permission denied"

> When I run top or rsh into this or other machines, I get something
> like:

> top: cannot open /dev/kmem: Permission denied
> kvm_open: Permission denied

> I'm worried I've been screwed.  Permissions on /dev/kmem (Which
> points to /devices/pseudo/mm@0:kmem) are:

> crw-r-----   1 root     sys       13,  1 Oct 25 11:33 mm@0:kmem
> crw-r-----   1 root     sys       13,  0 Oct 25 11:33 mm@0:mem

/dev/mem and /dev/kmem are normally group kmem, not group sys.  At
least on any system I've ever looked at, which I mercifully has not
included Solaris yet.

Check the permissions on (say) top; if it's setgid kmem, then kmem/mem
will have to be group kmem, or else world read, for it to work.  Check
your backups and see what group owned them there.

As for this being a cracker's muddy footprints, I suppose that's
possible.  If someone knew an easy way into group sys but not group
kmem, something like this might have been intended as a way of leaving
a hole open for later.  A stupid one, to be sure, because it alerted
you to the problem, but I'm sure Sturgeon's Law is true of crackers too.

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu

• Next message: Frederick M Avolio: "CFP: 5th USENIX UNIX Security Symposium"
• Previous message: Davide Melchiorre: "Always about ATHENA Wide ...."
• Next in thread: Chris Bulle: "/dev/kmem: Permission denied"