Linux 2.4.2 Secure Attention Key (SAK) handling
18 March 2001, Andrew Morton

An operating system's Secure Attention Key is a security tool which is
provided as protection against trojan password capturing programs. It
is an undefeatable way of killing all programs which could be
masquerading as login applications. Users need to be taught to enter
this key sequence before they log in to the system.

From the PC keyboard, Linux has two similar but different ways of
providing SAK. One is the ALT-SYSRQ-K sequence. You shouldn't use
this sequence. It is only available if the kernel was compiled with
sysrq support.

The proper way of generating a SAK is to define the key sequence using
`loadkeys'. This will work whether or not sysrq support is compiled
into the kernel.

SAK works correctly when the keyboard is in raw mode. This means that
once defined, SAK will kill a running X server. If the system is in
run level 5, the X server will restart. This is what you want to
happen.

What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot
the machine. CTRL-ALT-BACKSPACE is magical to the X server. We'll
choose CTRL-ALT-PAUSE.

In your rc.sysinit (or rc.local) file, add the command

    echo "control alt keycode 101 = SAK" | /bin/loadkeys

And that's it! Only the superuser may reprogram the SAK key.


NOTES
=====

1: Linux SAK is said to be not a "true SAK" as is required by
systems which implement C2 level security. This author does not
know why.


2: On the PC keyboard, SAK kills all applications which have
/dev/console opened.

Unfortunately this includes a number of things which you don't
actually want killed. This is because these applications are
incorrectly holding /dev/console open. Be sure to complain to your
Linux distributor about this!

You can identify processes which will be killed by SAK with the
command

    # ls -l /proc/[0-9]*/fd/* | grep console
    l-wx------ 1 root root 64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console

Then:

    # ps aux|grep 579
    root 579 0.0 0.1 1088 436 ? S 00:43 0:00 gpm -t ps/2

So `gpm' will be killed by SAK. This is a bug in gpm. It should
be closing standard input. You can work around this by finding the
initscript which launches gpm and changing it thusly:

Old:

    daemon gpm

New:

    daemon gpm < /dev/null

Vixie cron also seems to have this problem, and needs the same treatment.

Also, one prominent Linux distribution has the following three
lines in its rc.sysinit and rc scripts:

    exec 3<&0
    exec 4>&1
    exec 5>&2

These commands cause *all* daemons which are launched by the
initscripts to have file descriptors 3, 4 and 5 attached to
/dev/console. So SAK kills them all. A workaround is to simply
delete these lines, but this may cause system management
applications to malfunction - test everything well.
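
An added example, not part of the original document: a stricter form of the `ls -l /proc/[0-9]*/fd/* | grep console` check above, which groups results per process and lists the descriptor numbers, so both the gpm case (fd 0) and the inherited 3, 4 and 5 case show up. It assumes a /proc that provides per-process `fd` links and a `comm` file; the function name `sak_victims` is hypothetical.

```shell
#!/bin/sh
# Added example (not from SAK.txt): list the processes SAK would kill because
# they hold the console device open, with the descriptor numbers involved.
# Assumptions: a Linux-style /proc with per-PID "fd" symlinks and "comm".
# Usage after sourcing this file, as root:  sak_victims

# sak_victims [PROC_ROOT] [DEVICE]
# Prints "PID COMMAND FD[,FD...]" for each process that has DEVICE open.
sak_victims() {
    proc_root=${1:-/proc}
    device=${2:-/dev/console}
    for piddir in "$proc_root"/[0-9]*; do
        [ -d "$piddir/fd" ] || continue
        fds=
        for fd in "$piddir"/fd/*; do
            # Compare the exact link target; "grep console" would also
            # match unrelated paths that merely contain the word.
            target=$(readlink "$fd" 2>/dev/null) || continue
            [ "$target" = "$device" ] || continue
            fds=${fds:+$fds,}${fd##*/}
        done
        [ -n "$fds" ] || continue
        # The process may exit while we scan; fall back to "?".
        comm=$(cat "$piddir/comm" 2>/dev/null) || comm='?'
        printf '%s %s %s\n' "${piddir##*/}" "${comm:-?}" "$fds"
    done
}
```

A process listed with fd 0 only needs the `< /dev/null` treatment in its initscript; one listed with 3,4,5 inherited them from the `exec` lines.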