Bugtraq mailing list archives
Query from Anon re: perms on kmem (Slowlaris)
From: rali () hri com (Reto Lichtensteiger)
Date: Tue, 31 Jan 1995 09:25:02 -0500 (EST)
Back at the ranch, anonymous () some lame netcom not site scribed: : assistance from the bugtraq community. The machine is a sparc 5, running : Solaris at patch level Generic_101945-10. TCP wrappers running on standard : services, most rcp stuff wide open. BTW this is solaris 2.4. When I run top : or rsh into this or other machines, I get something like: : : top: cannot open /dev/kmem: Permission denied : kvm_open: Permission denied : : I'm worried I've been screwed. Permissions on /dev/kmem (Which points to : /devices/pseudo/mm@0:kmem) are: : : crw-r----- 1 root sys 13, 1 Oct 25 11:33 mm@0:kmem : crw-r----- 1 root sys 13, 0 Oct 25 11:33 mm@0:mem : : This just now started happening. Is anyone aware of any thing "malicious" : or "fingerprintish" that could have caused this? Normal permissions for those files ... % uname -a SunOS socks 5.3 Generic sun4m sparc % pwd /devices/pseudo % ls -l mm* crw-r----- 1 root sys 13, 1 Jan 27 15:30 mm@0:kmem crw-r----- 1 root sys 13, 0 Jan 27 15:30 mm@0:mem crw-rw-rw- 1 root sys 13, 2 Jan 31 08:48 mm@0:null crw-rw-rw- 1 root sys 13, 12 Jan 27 15:30 mm@0:zero Presuming you had them set to group kmem & had top setgid kmem originally No bugs here (well... :-}) Did you reboot the box with the -r switch to regenerate the devices? -Reto N.B. If you *have* to do the anon thing ... Why not use the remailer at penet.fi? THen I could reply directly, eh? -- R A Lichtensteiger rali () hri com System Administrator Horizon Research Inc (617) 466-8304 Waltham MA 02154 http://www.hri.com/HRI/Pages/rali.html/ "The system has been practicing a noncomputational lifestyle ever since the boot disk became I/O challenged."
Current thread:
- Query from Anon re: perms on kmem (Slowlaris) Reto Lichtensteiger (Jan 31)