Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S964802AbVJTXWO (ORCPT ); Thu, 20 Oct 2005 19:22:14 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S964803AbVJTXWO (ORCPT ); Thu, 20 Oct 2005 19:22:14 -0400 Received: from prgy-npn2.prodigy.com ([207.115.54.38]:57757 "EHLO oddball.prodigy.com") by vger.kernel.org with ESMTP id S964802AbVJTXWO (ORCPT ); Thu, 20 Oct 2005 19:22:14 -0400 Message-ID: <435826BB.1030809@tmr.com> Date: Thu, 20 Oct 2005 19:22:35 -0400 From: Bill Davidsen User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.11) Gecko/20050729 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Paul Jakma CC: Horms , linux-kernel@vger.kernel.org, Rudolf Polzer , 334113@bugs.debian.org, Alastair McKinstry , security@kernel.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org Subject: Re: kernel allows loadkeys to be used by any user, allowing for local root compromise References: <20051018044146.GF23462@verge.net.au> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1434 Lines: 35 Paul Jakma wrote: > On Tue, 18 Oct 2005, Krzysztof Halasa wrote: > >> OTOH I don't know why ordinary users should be allowed to change key >> bindings. > > > I like to load a custom keymap to swap ctrl and caps-lock. > > I'd like to keep that ability, but I'd much prefer if it didn't affect > all VTs, and if it didn't persist past the end of my session. I believe in security, no matter how inconvenient, but it would be desirable to allow the user to reload the keymap, and the character set as well, only for the session in use. The solution would seem to lie in having an unchanging SAK key, and on exit from a session absolutely reset everything. Clearly this would take some rethinking and a fair amount of work, so the right thing to do is use capabilities to block misuse until/unless convenience can be made secure. Key mapping as a whole sucks, you have the map you get in a vt, which is ignored by X which maps its own, except when an X app remaps it yet again locally. Lots of room for both evil and stupidity. -- -bill davidsen (davidsen@tmr.com) "The secret to procrastination is to put things off until the last possible moment - but no longer" -me - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/