Bug#305600: [Pkg-shadow-devel] Wait a second. This bug is not fixed

Alexander Gattin arg@online.com.ua
Sun, 8 May 2005 17:20:28 +0300


Hello!

On Sun, May 08, 2005 at 03:30:12PM +0200, Martin Quinson wrote:
> On Sun, May 08, 2005 at 02:03:20PM +0200, Christian Perrier wrote:
> > > happens. In my opinion, this is an unfixable bug.

This is the point I agree with.

> > > Whatever we do in login to prevent
> > > it could be done by an attacker, too.

At first I thought that it was an algorithmically
unsolvable problem ;) (because source is open etc.).

But it looks like I was wrong. User code just can't do
anything that root can. So we could flash kbd
indicators, change screen resolution, i.e. modify some
visual parameters that are not accessible from user
code.

But IMHO SAK is a cleaner and better solution.

> > Please close this bug when all hairs have been carefully cut in four
> > parts (typical French joke).

When the crayfish will whistle from the top of a hill.
(Russian joke ;)).

> The submitter spoke about magic kernel keys and how we should use them to
> prevent the attack.

It was me who spoke...

> If it's doable and if it makes the attacker's life harder, I
> don't see the point of not doing so.

Just compile a kernel with "Magic SysRq key" enabled
and then press Alt-SysRq-K on e.g. tty3.

This will kill all processes on that terminal and then
init will restart getty on it (assuming there are no
surprises in your /etc/inittab ;)), thus giving you
clean getty/login prompt.

> I agree that when you have physical access to the box, security becomes very
> difficult, but I don't want to use this as an excuse for not trying to
> secure the boxes under this really common setting.

Ha, on my system if you can do Alt-SysRq-K, you can do
Alt-SysRq-U, Alt-SysRq-B, Alt-SysRq-O and so on.

I didn't try to restrict this and don't know whether
there's a way to do it.

> So, I'd say that the ball is on the submitter side. How do you think we
> could help here? What do you expect from us?

I'd like to clarify this too. Let's wait a little and
then close the bug. Also it's not a bad idea to mark
the bug wontfix -- to turn it into kind of a FAQ.

-- 
WBR,
xrgtn
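
Added example, not part of the message above: a check of which of the keys it names (K, U, B, O) the keyboard may trigger for a given kernel.sysrq value. It assumes the bitmask meanings from the kernel's sysrq documentation (4 = keyboard control incl. SAK, 32 = remount read-only, 128 = reboot/poweroff); the function names are made up for this example.

```shell
#!/bin/sh
# Decode a kernel.sysrq value and report whether Alt-SysRq-K (SAK),
# -U (remount ro), -B (reboot) and -O (poweroff) are allowed from the
# keyboard. Assumed bit meanings (kernel sysrq documentation):
#   0 = everything disabled, 1 = everything enabled, otherwise a bitmask:
#   4 = keyboard control (SAK, unraw), 32 = remount ro, 128 = reboot/poweroff

sysrq_allows() {                # usage: sysrq_allows VALUE BIT
    case "$1" in
        ''|*[!0-9]*) return 1 ;;    # not a number: treat as disabled
        0) return 1 ;;
        1) return 0 ;;
    esac
    [ $(( $1 & $2 )) -ne 0 ]
}

sysrq_report() {                # usage: sysrq_report VALUE
    out=""
    for pair in K:4 U:32 B:128 O:128; do
        key=${pair%%:*}
        bit=${pair##*:}
        if sysrq_allows "$1" "$bit"; then state=yes; else state=no; fi
        out="$out${out:+ }$key=$state"
    done
    printf '%s\n' "$out"
}

# True when only the SAK key of the four is usable.
sak_only() { [ "$(sysrq_report "$1")" = "K=yes U=no B=no O=no" ]; }

# Report on the running system if the sysctl is readable.
if [ -r /proc/sys/kernel/sysrq ]; then
    cur=$(cat /proc/sys/kernel/sysrq 2>/dev/null || echo 0)
    echo "kernel.sysrq=$cur: $(sysrq_report "$cur")"
    sak_only "$cur" || echo "SAK without U/B/O: sysctl -w kernel.sysrq=4"
fi
```

The mask only limits what the keyboard can trigger; root writing to /proc/sysrq-trigger is not restricted by it.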