Bug#305600: [Pkg-shadow-devel] Wait a second. This bug is not fixed

Martin Quinson martin.quinson@loria.fr
Sun, 8 May 2005 20:42:40 +0200




On Sun, May 08, 2005 at 05:20:28PM +0300, Alexander Gattin wrote:
> Hello!
> 
> On Sun, May 08, 2005 at 03:30:12PM +0200, Martin Quinson wrote:
> 
> But IMHO SAK is a cleaner and better solution.
> > 
> > The submitter spoke about magic kernel keys and how we should use them to
> > prevent the attack.
> 
> It was me who spoke...

Oops, sorry about this.

> > If it's doable and if it makes the attacker's life harder, I
> > don't see the point of not doing so.
> 
> Just compile a kernel with "Magic SysRq key" enabled
> and then press Alt-SysRq-K on e.g. tty3.
> 
> This will kill all processes on that terminal and then
> init will restart getty on it (assuming there are no
> surprises in your /etc/inittab ;)), thus giving you a
> clean getty/login prompt.
> 
> > I agree that when you have physical access to the box, security becomes very
> > difficult, but I don't want to use this as an excuse for not trying to
> > secure the boxes under this really common setting.
> 
> Ha, on my system if you can do Alt-SysRq-K, you can do
> Alt-SysRq-U, Alt-SysRq-B, Alt-SysRq-O and so on.
> 
> I didn't try to restrict this and don't know whether
> there's a way to do it.
> 
> > So, I'd say that the ball is on the submitter's side. How do you think we
> > could help here? What do you expect from us?
> 
> I'd like to clarify this too. Let's wait a little and
> then close the bug. Also it's not a bad idea to mark
> the bug wontfix -- to turn it into kind of a FAQ.

My opinion is that we could do the following:

 - document in the login man page that those keys are the only way to secure the
   login when other users have physical access to the box (with or without
   an idea about how to exploit this)
 - reassign this bug to kernel-image for not activating this by default in
   Debian kernels (or buy me a brain so that I can use it with an official
   built kernel)
 - maybe change the login program so that it gets mad when it receives the
   Alt+SysRq+k key, saying something like:

   Security issue: Got the Alt+SysRq+k key. Magic SysRq keys are not
   compiled into the kernel. You cannot make sure that login is not phished...

What do you think about that? If you agree on my proposal, I may go further
and implement it.

Bye, Mt.
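Added example, not part of this thread or of the shadow/login package: Alexander's scenario depends on which SysRq groups the running kernel honours. Current Linux kernels expose that as a bitmask in /proc/sys/kernel/sysrq (0 disables all, 1 enables all, larger values are a bitmask, with bit 4 covering SAK/unraw, 32 remount read-only, 64 process signalling and 128 reboot/poweroff, per the kernel's sysrq documentation). The POSIX sh helper below decodes such a value so an administrator can verify whether Alt-SysRq-K is reachable while Alt-SysRq-U/B/O are not; the group names (`sak`, `remount_ro`, `signal`, `reboot`) are labels of my own, and the 438 sample value is the build-time default I know current Debian kernels use.

```shell
#!/bin/sh
# Added example (not from the thread): decode the /proc/sys/kernel/sysrq bitmask
# to see which SysRq key groups a running kernel still honours.
# Bit values follow the kernel's sysrq documentation; group names are my own labels.

# sysrq_allows MASK GROUP -> exit 0 if GROUP is reachable under MASK, 1 if not,
# 2 on bad input. MASK 0 disables everything, 1 enables everything, anything
# larger is a bitmask of allowed groups.
sysrq_allows() {
    mask=$1
    case $mask in
        ''|*[!0-9]*) echo "sysrq_allows: bad mask '$mask'" >&2; return 2 ;;
    esac
    case $2 in
        sak)        bit=4   ;;  # keyboard control: Alt-SysRq-K (SAK) and -R (unraw)
        remount_ro) bit=32  ;;  # Alt-SysRq-U
        signal)     bit=64  ;;  # Alt-SysRq-E / -I (TERM/KILL every process)
        reboot)     bit=128 ;;  # Alt-SysRq-B (reboot) and -O (power off)
        *) echo "sysrq_allows: unknown group '$2'" >&2; return 2 ;;
    esac
    if [ "$mask" -eq 1 ]; then
        return 0
    fi
    if [ $(( mask & bit )) -ne 0 ]; then
        return 0
    fi
    return 1
}

# sysrq_report MASK -> one "group: enabled|disabled" line per group.
sysrq_report() {
    for group in sak remount_ro signal reboot; do
        if sysrq_allows "$1" "$group"; then
            printf '%s: enabled\n' "$group"
        else
            printf '%s: disabled\n' "$group"
        fi
    done
}

# current_sysrq_mask -> the live value on Linux; 0 (all disabled) elsewhere.
current_sysrq_mask() {
    if [ -r /proc/sys/kernel/sysrq ]; then
        cat /proc/sys/kernel/sysrq
    else
        echo 0
    fi
}

# Usage: with no argument, report on the running kernel; with one, decode that
# value, e.g. `sh sysrq_check.sh 438` for the 438 (0x1b6) Debian build default:
# SAK, remount-ro and reboot allowed, process signalling not.
sysrq_report "${1:-$(current_sysrq_mask)}"
```

The point for a login-side check like the one Martin proposes: a setting such as 4 (SAK only) gives the clean getty that Alexander describes without also exposing remount, reboot or power-off, whereas 0 means SAK cannot help and the login prompt has no way to prove it is genuine.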
