Re: nmon

From: Jan-Frode Myklebust (janfrode@PARALLAB.UIB.NO)
Date: Fri Apr 02 2004 - 16:16:32 EST

• Next message: Ayman Rayyan: "(no subject)"
• Previous message: John Jolet: "Re: nmon"
• In reply to: Mandeville, Janet A: "nmon"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

On Fri, Apr 02, 2004 at 10:25:24AM -0600, Mandeville, Janet A wrote:
> We are having a debate about the wisdom of setting the necessary
> permissions (chmod ugo+r /dev/kmem) in order to allow users to run nmon.
> One point of view is that this is dangerous; another point of view is
> that it is not.

It means anybody can read all virtual memory on your system. If you
have any applications running that uses passwords for autentication,
you can probably find the plaintext password via 'strings /dev/kmem'.

My solution to giving nmon sufficient, but minial privileges was to
make it owned by root:system, and set-gid system:

        chown root:system nmon
        chmod g+s nmon

   -jf

• Next message: Ayman Rayyan: "(no subject)"
• Previous message: John Jolet: "Re: nmon"
• In reply to: Mandeville, Janet A: "nmon"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:48 EDT