root user has access to all of /dev/mem
Bug #146508 reported by
Bryan Irvine
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
linux (Ubuntu) |
Fix Released
|
Wishlist
|
Kees Cook |
Bug Description
Easy to reproduce. The easiest way is to log in on the command line and sudo to root, then run 'strings /dev/mem' (I output to less and then search for my password).
Keep searching, you will eventually find:
<your username>
<your user pass>
sudo su -
<your user pass again>
I've tried on other linuxes, and BSD's but ubuntu is the only one that allows me to run strings on /dev/mem
I've also seen the password in association with the 'gksudo' command on ubuntu.
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. There are some Distros that ship patches to the /dev/mem handler, but these changes are not supported by the upstream kernel, and Ubuntu has not had the resources to maintain a patch delta. Root users have the capacity to examine per-process memory as well, so fixing /dev/mem would still not change this. The primary reasons to stop /dev/mem access is to avoid things like root-kit installation.
I'm unmarking this as private, as it is already a known public issue with the Linux kernel's /dev/mem interface.
Please feel free to report any other bugs you may find.