Query from Anon re: perms on kmem (Slowlaris)

[rali () hri com (Reto Lichtensteiger)]

Back at the ranch, anonymous () some lame netcom not site scribed:

: assistance from the bugtraq community.  The machine is a sparc 5, running
: Solaris at patch level Generic_101945-10.  TCP wrappers running on standard
: services, most rcp stuff wide open.  BTW this is solaris 2.4.  When I run top
: or rsh into this or other machines, I get something like:
:  
: top: cannot open /dev/kmem: Permission denied
: kvm_open: Permission denied
:  
:   I'm worried I've been screwed.  Permissions on /dev/kmem (Which points to
: /devices/pseudo/mm@0:kmem) are:
:  
: crw-r-----   1 root     sys       13,  1 Oct 25 11:33 mm@0:kmem
: crw-r-----   1 root     sys       13,  0 Oct 25 11:33 mm@0:mem
:  
:   This just now started happening.  Is anyone aware of any thing "malicious"
: or "fingerprintish" that could have caused this?

Normal permissions for those files ...

   % uname -a
   SunOS socks 5.3 Generic sun4m sparc
   % pwd
   /devices/pseudo
   % ls -l mm*
   crw-r-----   1 root     sys       13,  1 Jan 27 15:30 mm@0:kmem
   crw-r-----   1 root     sys       13,  0 Jan 27 15:30 mm@0:mem
   crw-rw-rw-   1 root     sys       13,  2 Jan 31 08:48 mm@0:null
   crw-rw-rw-   1 root     sys       13, 12 Jan 27 15:30 mm@0:zero

Presuming you had them set to group kmem & had top setgid kmem originally

No bugs here (well... :-})

Did you reboot the box with the -r switch to regenerate the devices?

-Reto

N.B. If you *have* to do the anon thing ... Why not use the remailer at
penet.fi? THen I could reply directly, eh?
-- 
R A Lichtensteiger      rali () hri com
System Administrator    Horizon Research Inc    (617) 466-8304
                        Waltham MA 02154
        http://www.hri.com/HRI/Pages/rali.html/

"The system has been practicing a noncomputational lifestyle ever
since the boot disk became I/O challenged."