[853] in bugtraq
/dev/kmem: Permission denied
daemon@ATHENA.MIT.EDU (der Mouse)
Tue Jan 31 10:38:13 1995
Date: Tue, 31 Jan 1995 07:44:21 -0500
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
To: bugtraq@fc.net

> When I run top or rsh into this or other machines, I get something
> like:
>
> top: cannot open /dev/kmem: Permission denied
> kvm_open: Permission denied
>
> I'm worried I've been screwed. Permissions on /dev/kmem (which
> points to /devices/pseudo/mm@0:kmem) are:
>
> crw-r----- 1 root sys 13, 1 Oct 25 11:33 mm@0:kmem
> crw-r----- 1 root sys 13, 0 Oct 25 11:33 mm@0:mem

/dev/mem and /dev/kmem are normally group kmem, not group sys. At
least on any system I've ever looked at, which mercifully has not
included Solaris yet.

Check the permissions on (say) top; if it's setgid kmem, then kmem/mem
will have to be group kmem, or else world read, for it to work. Check
your backups and see what group owned them there.

As for this being a cracker's muddy footprints, I suppose that's
possible. If someone knew an easy way into group sys but not group
kmem, something like this might have been intended as a way of leaving
a hole open for later. A stupid one, to be sure, because it alerted
you to the problem, but I'm sure Sturgeon's Law is true of crackers too.

der Mouse
mouse@collatz.mcrcim.mcgill.edu