Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751159AbVJRSlW (ORCPT ); Tue, 18 Oct 2005 14:41:22 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751160AbVJRSlV (ORCPT ); Tue, 18 Oct 2005 14:41:21 -0400 Received: from khc.piap.pl ([195.187.100.11]:25604 "EHLO khc.piap.pl") by vger.kernel.org with ESMTP id S1751159AbVJRSlV (ORCPT ); Tue, 18 Oct 2005 14:41:21 -0400 To: Rudolf Polzer Cc: Horms , linux-kernel@vger.kernel.org, 334113@bugs.debian.org, Alastair McKinstry , security@kernel.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org Subject: Re: kernel allows loadkeys to be used by any user, allowing for local root compromise References: <20051018044146.GF23462@verge.net.au> <20051018171645.GA59028%atfield-dt@durchnull.de> From: Krzysztof Halasa Date: Tue, 18 Oct 2005 20:41:19 +0200 In-Reply-To: <20051018171645.GA59028%atfield-dt@durchnull.de> (Rudolf Polzer's message of "Tue, 18 Oct 2005 19:16:45 +0200") Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1487 Lines: 36 Rudolf Polzer writes: > That does not help against the loadkeys issue if the attacking user is still > logged in on another virtual console. Even when tty1 is active, a user owning > tty6 can use loadkeys. Sure. The problem is that mappings are shared between VCs but anyway it's solved by disabling user changes. I don't think there is a solution here, easier than hardware reset. As for "server" machines (not simple terminals), physical locking is critical. > Well, sometimes you have problems that powercycling would "hide" so you can't > track them down if you powercycle the whole computer every time. In security-sensitive instalation, you simply don't expose the computers to non-admins. > For using foreign languages and keyboard mappings. Hope they don't change the keys in the process. Anyway, most people don't need that nor they need suid-wrapper. BTW: there are similar problems with serial access: users can play with termio(s) settings (especially CLOCAL flag) and fake login/password requests. Unless the getty programs are fixed, you don't want to connect dial-in modems to a machine with user accounts. Not a kernel thing, though - Linux has termios locking for 10+ yrs. -- Krzysztof Halasa - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/