6.30. When there are no restrictions for unprivileged users and if the option for config_rdskernel configuration is set, hackers can write arbitrary values into kernel memory (by making specific types of socket function calls) since kernel software has not authenticated that the user address is actually found in the user segment. The lack of verification of the user address can provide hackers to gain privileges and access to areas that they should not have, since they are not users with an address residing in the proper user segment.
Perhaps the most insecure facet of Unix systems can be found in the usage of r-tools, which also routinely fail to verify the authenticity of user names and addresses. In theory, r-tools are supposed to function as a measure of convenience which allows privileged users the ability to login to networks and individual computers without presenting a password. Yet this same potential...
[ View Full Essay]