Contents of /alx-src/tags/kernel26-2.6.12-alx-r9/Documentation/SAK.txt
Parent Directory | Revision Log
Revision 630 -
(show annotations)
(download)
Wed Mar 4 11:03:09 2009 UTC (15 years, 6 months ago) by niro
File MIME type: text/plain
File size: 2934 byte(s)
Wed Mar 4 11:03:09 2009 UTC (15 years, 6 months ago) by niro
File MIME type: text/plain
File size: 2934 byte(s)
Tag kernel26-2.6.12-alx-r9
1 | Linux 2.4.2 Secure Attention Key (SAK) handling |
2 | 18 March 2001, Andrew Morton <akpm@osdl.org> |
3 | |
4 | An operating system's Secure Attention Key is a security tool which is |
5 | provided as protection against trojan password capturing programs. It |
6 | is an undefeatable way of killing all programs which could be |
7 | masquerading as login applications. Users need to be taught to enter |
8 | this key sequence before they log in to the system. |
9 | |
10 | From the PC keyboard, Linux has two similar but different ways of |
11 | providing SAK. One is the ALT-SYSRQ-K sequence. You shouldn't use |
12 | this sequence. It is only available if the kernel was compiled with |
13 | sysrq support. |
14 | |
15 | The proper way of generating a SAK is to define the key sequence using |
16 | `loadkeys'. This will work whether or not sysrq support is compiled |
17 | into the kernel. |
18 | |
19 | SAK works correctly when the keyboard is in raw mode. This means that |
20 | once defined, SAK will kill a running X server. If the system is in |
21 | run level 5, the X server will restart. This is what you want to |
22 | happen. |
23 | |
24 | What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot |
25 | the machine. CTRL-ALT-BACKSPACE is magical to the X server. We'll |
26 | choose CTRL-ALT-PAUSE. |
27 | |
28 | In your rc.sysinit (or rc.local) file, add the command |
29 | |
30 | echo "control alt keycode 101 = SAK" | /bin/loadkeys |
31 | |
32 | And that's it! Only the superuser may reprogram the SAK key. |
33 | |
34 | |
35 | NOTES |
36 | ===== |
37 | |
38 | 1: Linux SAK is said to be not a "true SAK" as is required by |
39 | systems which implement C2 level security. This author does not |
40 | know why. |
41 | |
42 | |
43 | 2: On the PC keyboard, SAK kills all applications which have |
44 | /dev/console opened. |
45 | |
46 | Unfortunately this includes a number of things which you don't |
47 | actually want killed. This is because these applications are |
48 | incorrectly holding /dev/console open. Be sure to complain to your |
49 | Linux distributor about this! |
50 | |
51 | You can identify processes which will be killed by SAK with the |
52 | command |
53 | |
54 | # ls -l /proc/[0-9]*/fd/* | grep console |
55 | l-wx------ 1 root root 64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console |
56 | |
57 | Then: |
58 | |
59 | # ps aux|grep 579 |
60 | root 579 0.0 0.1 1088 436 ? S 00:43 0:00 gpm -t ps/2 |
61 | |
62 | So `gpm' will be killed by SAK. This is a bug in gpm. It should |
63 | be closing standard input. You can work around this by finding the |
64 | initscript which launches gpm and changing it thusly: |
65 | |
66 | Old: |
67 | |
68 | daemon gpm |
69 | |
70 | New: |
71 | |
72 | daemon gpm < /dev/null |
73 | |
74 | Vixie cron also seems to have this problem, and needs the same treatment. |
75 | |
76 | Also, one prominent Linux distribution has the following three |
77 | lines in its rc.sysinit and rc scripts: |
78 | |
79 | exec 3<&0 |
80 | exec 4>&1 |
81 | exec 5>&2 |
82 | |
83 | These commands cause *all* daemons which are launched by the |
84 | initscripts to have file descriptors 3, 4 and 5 attached to |
85 | /dev/console. So SAK kills them all. A workaround is to simply |
86 | delete these lines, but this may cause system management |
87 | applications to malfunction - test everything well. |
88 |