Bug#305600: [Pkg-shadow-devel] Wait a second. This bug is not fixed
Martin Quinson
martin.quinson@loria.fr
Sun, 8 May 2005 20:42:40 +0200
--DWg365Y4B18r8evw
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Sun, May 08, 2005 at 05:20:28PM +0300, Alexander Gattin wrote:
> Hello!
>=20
> On Sun, May 08, 2005 at 03:30:12PM +0200, Martin Quinson wrote:
>=20
> But IMHO SAK is cleaner and better solution.
> >=20
> > The submitter spoke about magic kernel keys and how we should use them =
to
> > prevent the attack.
>=20
> It was me who spoke...
Ups, sorry about this.
> > If it's doable and if it makes attacker life harder, I
> > don't see the point of not doing so.
>=20
> Just compile a kernel with "Magic SysRq key" enabled
> and then press Alt-SysRq-K on e.g. tty3.
>=20
> This will kill all processes on that terminal and then
> init will restart getty on it (assuming there's no
> surprises in your /etc/inittab ;)), thus giving you
> clean getty/login prompt.
>=20
> > I agree that when you have physical access to the box, security becomes=
very
> > difficult, but I don't want to use this as an excuse for not trying to
> > secure the boxes under this really common setting.
>=20
> Ha, on my system if you can do Alt-SysRq-K, you can do
> Alt-SysRq-U, Alt-SysRq-B, Alt-SysRq-O and so on.
>=20
> I didn't try to restrict this and don't know whether
> there's a way to do it.
>=20
> > So, I'd say that the ball is on the submitter side. How do you think we
> > could help here? What do you expects from us?
>=20
> I'd like to clarify this too. Let's wait a little and
> then close the bug. Also it's not a bad idea to mark
> the bug wontfix -- to turn it into kind of a FAQ.
My opinion is that we could do the following:
- document in login man page that those keys are the only way to secure the
login when other users have a physical access to the box (with or without
an idea about how to exploit this)
- reassign this bug to kernel image for not activating this by default in
debian kernels (or buy me a brain so that I can use it with a official
built kernel)
- maybe change the login program so that it gets mad when it receives the
Alt+SysRq+k key, saying someting like:
=20
Security issue: Got the Alt+SysRq+k key. Magic SysRq keys are not
compiled into the kernel. You cannot make sure that login is not pished.=
=2E.
=20
=20
What do you think about that? If you agree on my proposal, I may go further
and implement it.
Bye, Mt.
--DWg365Y4B18r8evw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFCfl2fIiC/MeFF8zQRArknAJ9GdoZuSM4We+YwP2mHcSoprdZ7uACfXvMj
oYkyCqXnv+bt7wu4FDMhqyQ=
=lJul
-----END PGP SIGNATURE-----
--DWg365Y4B18r8evw--