Re: kernel allows loadkeys to be used by any user, allowing for local root compromise

From: Krzysztof Halasa (khc_at_pm.waw.pl)
Date: 10/18/05

    To: Rudolf Polzer <debian-ne@durchnull.de>
    Date:	Tue, 18 Oct 2005 20:41:19 +0200
    
    

    Rudolf Polzer <debian-ne@durchnull.de> writes:

    > That does not help against the loadkeys issue if the attacking user is still
    > logged in on another virtual console. Even when tty1 is active, a user owning
    > tty6 can use loadkeys.

    Sure. The problem is that mappings are shared between VCs but anyway
    it's solved by disabling user changes.
    I don't think there is a solution here, easier than hardware reset.
    As for "server" machines (not simple terminals), physical locking is
    critical.

    > Well, sometimes you have problems that powercycling would "hide" so you can't
    > track them down if you powercycle the whole computer every time.

    In a security-sensitive installation, you simply don't expose the computers
    to non-admins.

    > For using foreign languages and keyboard mappings.

    Hope they don't change the keys in the process.
    Anyway, most people don't need that, nor do they need a suid-wrapper.

    BTW: there are similar problems with serial access: users can play
    with termio(s) settings (especially CLOCAL flag) and fake
    login/password requests. Unless the getty programs are fixed,
    you don't want to connect dial-in modems to a machine with user
    accounts. Not a kernel thing, though - Linux has termios locking
    for 10+ yrs.

    -- 
    Krzysztof Halasa
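
The termios locking mentioned in the message above, as an added example that is not part of the original mail: a getty-like program running with CAP_SYS_ADMIN clears CLOCAL and then freezes it with the Linux `TIOCSLCKTRMIOS` ioctl, so a logged-in user's later `tcsetattr()` calls cannot change it. The function names and the choice to also lock HUPCL are assumptions made for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <termios.h>

/* Each non-zero bit in the lock mask marks a flag that later tcsetattr()
 * calls cannot change. HUPCL is an assumption; the mail names only CLOCAL. */
void build_lock_mask(struct termios *lock)
{
    memset(lock, 0, sizeof(*lock));
    lock->c_cflag = CLOCAL | HUPCL;
}

/* Put the line under modem control, then freeze those bits.
 * Setting the lock needs CAP_SYS_ADMIN. Returns 0 on success or -errno. */
int harden_line(int fd)
{
    struct termios t, lock;
    if (tcgetattr(fd, &t) < 0)
        return -errno;
    t.c_cflag &= ~CLOCAL;   /* carrier loss must be noticed */
    t.c_cflag |= HUPCL;     /* drop DTR on last close */
    if (tcsetattr(fd, TCSANOW, &t) < 0)
        return -errno;
    build_lock_mask(&lock);
    if (ioctl(fd, TIOCSLCKTRMIOS, &lock) < 0)
        return -errno;
    return 0;
}

/* Audit helper: 1 if CLOCAL is locked, 0 if not, -errno on error. */
int clocal_is_locked(int fd)
{
    struct termios lock = {0};
    if (ioctl(fd, TIOCGLCKTRMIOS, &lock) < 0)
        return -errno;
    return (lock.c_cflag & CLOCAL) ? 1 : 0;
}

int main(int argc, char **argv)
{
    int fd = argc > 1 ? open(argv[1], O_RDWR | O_NOCTTY | O_NONBLOCK) : -1;
    int rc = harden_line(fd);
    printf("harden: %d, CLOCAL locked: %d\n", rc, clocal_is_locked(fd));
    return rc ? 1 : 0;
}
```

Run it as root with the serial device path as the only argument; an unprivileged caller gets `-EPERM` from the lock step, and `clocal_is_locked()` can be used on its own to audit an existing line.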
    
