Bugtraq mailing list archives
Regarding Mudge's OBP/FORTH root hack (PHRACK53)
From: jnunn6 () RAWTEN OFF AI (Jericho Nunn)
Date: Fri, 10 Jul 1998 02:12:52 -0600
Hi,
Aside from the fact that it left me quite flabbergasted for quite
some time, mudge's OBP memory manipulation for aquiring root priviledges
poses a serious risk for environments where SUN workstation consoles are
easily accesible to unpriviledged individuals, such as university labs.
An easy and quick work-around that avoids granting just anybody at
the console the ability to "Stop-A" and drop into OBP, is to enable the
"security-mode" and "security-password" variables within OBP. Changing
the default value of "security-mode" from 'none' to 'full', forces a
user who tries to halt the system to authenticate against the password
defined in "security-password" before having access to the OBP command
line.
Again, mudge never stops to amaze....
Regards,
Jericho.
Current thread:
- Re: Linux kernel filesystem oddities, (continued)
- Re: Linux kernel filesystem oddities Pavel Kankovsky (Jul 08)
- Re: Linux kernel filesystem oddities Michal Zalewski (Jul 06)
- Re: Linux kernel filesystem oddities Pavel Kankovsky (Jul 08)
- Re: Linux kernel filesystem oddities Jeffrey Hutzelman (Jul 09)
- Re: Linux kernel filesystem oddities Pavel Kankovsky (Jul 08)
- dslip package David Kopstain (Jul 09)
- SLMail 3.0.2421 Stack Overflow... Aleph One (Jul 09)
- Re: SmurfLog 1.0 Bug Lord (Jul 10)
- Re: port 0 scanning Lamont Granquist (Jul 09)
- Regarding Mudge's OBP/FORTH root hack (PHRACK53) Jericho Nunn (Jul 10)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) John W. Temples (Jul 11)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Gene Spafford (Jul 11)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Mike Scher (Jul 11)
- Re: Regarding Mudge's OBP/FORTH root hack (PHRACK53) Casper Dik (Jul 13)
- [FWD] Attention: Please update your imapd Raj Singh (Jul 13)