[856] in bugtraq
Query from Anon re: perms on kmem (Slowlaris)
daemon@ATHENA.MIT.EDU (Reto Lichtensteiger)
Tue Jan 31 12:09:46 1995
From: Reto Lichtensteiger <rali@hri.com>
To: bugtraq@fc.net
Date: Tue, 31 Jan 1995 09:25:02 -0500 (EST)
Back at the ranch, anonymous@some.lame.netcom.not.site scribed:
: assistance from the bugtraq community. The machine is a sparc 5, running
: Solaris at patch level Generic_101945-10. TCP wrappers running on standard
: services, most rcp stuff wide open. BTW this is solaris 2.4. When I run top
: or rsh into this or other machines, I get something like:
:
: top: cannot open /dev/kmem: Permission denied
: kvm_open: Permission denied
:
: I'm worried I've been screwed. Permissions on /dev/kmem (Which points to
: /devices/pseudo/mm@0:kmem) are:
:
: crw-r----- 1 root sys 13, 1 Oct 25 11:33 mm@0:kmem
: crw-r----- 1 root sys 13, 0 Oct 25 11:33 mm@0:mem
:
: This just now started happening. Is anyone aware of any thing "malicious"
: or "fingerprintish" that could have caused this?
Normal permissions for those files ...
% uname -a
SunOS socks 5.3 Generic sun4m sparc
% pwd
/devices/pseudo
% ls -l mm*
crw-r----- 1 root sys 13, 1 Jan 27 15:30 mm@0:kmem
crw-r----- 1 root sys 13, 0 Jan 27 15:30 mm@0:mem
crw-rw-rw- 1 root sys 13, 2 Jan 31 08:48 mm@0:null
crw-rw-rw- 1 root sys 13, 12 Jan 27 15:30 mm@0:zero
Presuming you had them set to group kmem & had top setgid kmem originally
No bugs here (well... :-})
Did you reboot the box with the -r switch to regenerate the devices?
-Reto
N.B. If you *have* to do the anon thing ... Why not use the remailer at
penet.fi? Then I could reply directly, eh?
--
R A Lichtensteiger rali@hri.com
System Administrator Horizon Research Inc (617) 466-8304
Waltham MA 02154
http://www.hri.com/HRI/Pages/rali.html/
"The system has been practicing a noncomputational lifestyle ever
since the boot disk became I/O challenged."
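
Added example, not part of the original message: a shell check for the situation the reply raises, where the kmem node is group `sys` but the tool may be setgid to a different group. The function name `kmem_access_check` and the `top` listing line are constructed for illustration; the device line is the one quoted in the post.

```shell
#!/bin/sh
# Classify a "cannot open /dev/kmem" failure from two `ls -l` lines.
# Usage: kmem_access_check "<ls -l line of kmem node>" "<ls -l line of tool>"
# Prints one verdict: ok | world-readable | no-group-read | not-setgid | group-mismatch
kmem_access_check() {
    dev_line=$1
    bin_line=$2
    # Standard ls -l layout: field 1 is the mode string, field 4 the group.
    dev_mode=$(printf '%s\n' "$dev_line" | awk '{print $1}')
    dev_group=$(printf '%s\n' "$dev_line" | awk '{print $4}')
    bin_mode=$(printf '%s\n' "$bin_line" | awk '{print $1}')
    bin_group=$(printf '%s\n' "$bin_line" | awk '{print $4}')

    # Character 8 of the mode string is "other read". Kernel memory that is
    # readable by everyone is the dangerous case, so report it first.
    if [ "$(printf '%s' "$dev_mode" | cut -c8)" = "r" ]; then
        echo world-readable; return 0
    fi
    # Character 5 is "group read": without it, setgid access cannot work.
    if [ "$(printf '%s' "$dev_mode" | cut -c5)" != "r" ]; then
        echo no-group-read; return 0
    fi
    # Character 7 is "group execute": s or S there means the setgid bit is set.
    case $(printf '%s' "$bin_mode" | cut -c7) in
        s|S) ;;
        *) echo not-setgid; return 0 ;;
    esac
    # A setgid tool only helps if its group is the one that owns the node.
    if [ "$bin_group" != "$dev_group" ]; then
        echo group-mismatch; return 0
    fi
    echo ok
}

# Device line as quoted in the post; the top line is constructed sample input.
KMEM_LINE='crw-r----- 1 root sys 13, 1 Oct 25 11:33 mm@0:kmem'
TOP_LINE='-rwxr-sr-x 1 root kmem 40960 Jan 01 00:00 top'
kmem_access_check "$KMEM_LINE" "$TOP_LINE"
```

On a live system, feed it the output of `ls -lL /dev/kmem` and `ls -l` on the tool's binary.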