Commit | Line | Data |
---|---|---|
1da177e4 | 1 | Linux 2.4.2 Secure Attention Key (SAK) handling |
e1f8e874 | 2 | 18 March 2001, Andrew Morton |
1da177e4 LT |
3 | |
4 | An operating system's Secure Attention Key is a security tool which is | |
5 | provided as protection against trojan password capturing programs. It | |
6 | is an undefeatable way of killing all programs which could be | |
7 | masquerading as login applications. Users need to be taught to enter | |
8 | this key sequence before they log in to the system. | |
9 | ||
10 | From the PC keyboard, Linux has two similar but different ways of | |
11 | providing SAK. One is the ALT-SYSRQ-K sequence. You shouldn't use | |
12 | this sequence. It is only available if the kernel was compiled with | |
13 | sysrq support. | |
14 | ||
15 | The proper way of generating a SAK is to define the key sequence using | |
16 | `loadkeys'. This will work whether or not sysrq support is compiled | |
17 | into the kernel. | |
18 | ||
19 | SAK works correctly when the keyboard is in raw mode. This means that | |
20 | once defined, SAK will kill a running X server. If the system is in | |
21 | run level 5, the X server will restart. This is what you want to | |
22 | happen. | |
23 | ||
24 | What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot | |
25 | the machine. CTRL-ALT-BACKSPACE is magical to the X server. We'll | |
26 | choose CTRL-ALT-PAUSE. | |
27 | ||
28 | In your rc.sysinit (or rc.local) file, add the command | |
29 | ||
30 | echo "control alt keycode 101 = SAK" | /bin/loadkeys | |
31 | ||
32 | And that's it! Only the superuser may reprogram the SAK key. | |
33 | ||
34 | ||
35 | NOTES | |
36 | ===== | |
37 | ||
38 | 1: Linux SAK is said to be not a "true SAK" as is required by | |
39 | systems which implement C2 level security. This author does not | |
40 | know why. | |
41 | ||
42 | ||
43 | 2: On the PC keyboard, SAK kills all applications which have | |
44 | /dev/console opened. | |
45 | ||
46 | Unfortunately this includes a number of things which you don't | |
47 | actually want killed. This is because these applications are | |
48 | incorrectly holding /dev/console open. Be sure to complain to your | |
49 | Linux distributor about this! | |
50 | ||
51 | You can identify processes which will be killed by SAK with the | |
52 | command | |
53 | ||
54 | # ls -l /proc/[0-9]*/fd/* | grep console | |
55 | l-wx------ 1 root root 64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console | |
56 | ||
57 | Then: | |
58 | ||
59 | # ps aux|grep 579 | |
60 | root 579 0.0 0.1 1088 436 ? S 00:43 0:00 gpm -t ps/2 | |
61 | ||
62 | So `gpm' will be killed by SAK. This is a bug in gpm. It should | |
63 | be closing standard input. You can work around this by finding the | |
64 | initscript which launches gpm and changing it thusly: | |
65 | ||
66 | Old: | |
67 | ||
68 | daemon gpm | |
69 | ||
70 | New: | |
71 | ||
72 | daemon gpm < /dev/null | |
73 | ||
74 | Vixie cron also seems to have this problem, and needs the same treatment. | |
75 | ||
76 | Also, one prominent Linux distribution has the following three | |
77 | lines in its rc.sysinit and rc scripts: | |
78 | ||
79 | exec 3<&0 | |
80 | exec 4>&1 | |
81 | exec 5>&2 | |
82 | ||
83 | These commands cause *all* daemons which are launched by the | |
84 | initscripts to have file descriptors 3, 4 and 5 attached to | |
85 | /dev/console. So SAK kills them all. A workaround is to simply | |
86 | delete these lines, but this may cause system management | |
87 | applications to malfunction - test everything well. | |
88 |