[SunRescue] OT: Advice on Certification

James Lockwood rescue at sunhelp.org
Sun May 6 23:36:20 CDT 2001


On Sun, 6 May 2001 ed at the7thbeer.com wrote:

> OOO this is a trick I've never seen before.  How does one do such?

I worked this out back in '90 or so, back when an IEEE1275 OBP was still a
pretty new and nifty thing and there were piles of unprotected systems at
university computer labs.  I found an OBP reference doc at Weird Stuff in
Sunnyvale, of all places.

It was known but obscure for several years until Mudge published one quick
and easy approach in Phrack 53.  He goes into plenty of detail in his
article and I doubt I could do better; download it if you're interested.

In a nutshell, it's possible to tweak just about any memory location in
the system from an unprotected OBP.  Modifying proc->p_cred->cr_uid is
trivial.

-James



