diff options
Diffstat (limited to 'Documentation/SAK.txt')
-rw-r--r-- | Documentation/SAK.txt | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/Documentation/SAK.txt b/Documentation/SAK.txt new file mode 100644 index 000000000000..b9019ca872ea --- /dev/null +++ b/Documentation/SAK.txt | |||
@@ -0,0 +1,88 @@ | |||
1 | Linux 2.4.2 Secure Attention Key (SAK) handling | ||
2 | 18 March 2001, Andrew Morton <akpm@osdl.org> | ||
3 | |||
4 | An operating system's Secure Attention Key is a security tool which is | ||
5 | provided as protection against trojan password capturing programs. It | ||
6 | is an undefeatable way of killing all programs which could be | ||
7 | masquerading as login applications. Users need to be taught to enter | ||
8 | this key sequence before they log in to the system. | ||
9 | |||
10 | From the PC keyboard, Linux has two similar but different ways of | ||
11 | providing SAK. One is the ALT-SYSRQ-K sequence. You shouldn't use | ||
12 | this sequence. It is only available if the kernel was compiled with | ||
13 | sysrq support. | ||
14 | |||
15 | The proper way of generating a SAK is to define the key sequence using | ||
16 | `loadkeys'. This will work whether or not sysrq support is compiled | ||
17 | into the kernel. | ||
18 | |||
19 | SAK works correctly when the keyboard is in raw mode. This means that | ||
20 | once defined, SAK will kill a running X server. If the system is in | ||
21 | run level 5, the X server will restart. This is what you want to | ||
22 | happen. | ||
23 | |||
24 | What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot | ||
25 | the machine. CTRL-ALT-BACKSPACE is magical to the X server. We'll | ||
26 | choose CTRL-ALT-PAUSE. | ||
27 | |||
28 | In your rc.sysinit (or rc.local) file, add the command | ||
29 | |||
30 | echo "control alt keycode 101 = SAK" | /bin/loadkeys | ||
31 | |||
32 | And that's it! Only the superuser may reprogram the SAK key. | ||
33 | |||
34 | |||
35 | NOTES | ||
36 | ===== | ||
37 | |||
38 | 1: Linux SAK is said to be not a "true SAK" as is required by | ||
39 | systems which implement C2 level security. This author does not | ||
40 | know why. | ||
41 | |||
42 | |||
43 | 2: On the PC keyboard, SAK kills all applications which have | ||
44 | /dev/console opened. | ||
45 | |||
46 | Unfortunately this includes a number of things which you don't | ||
47 | actually want killed. This is because these applications are | ||
48 | incorrectly holding /dev/console open. Be sure to complain to your | ||
49 | Linux distributor about this! | ||
50 | |||
51 | You can identify processes which will be killed by SAK with the | ||
52 | command | ||
53 | |||
54 | # ls -l /proc/[0-9]*/fd/* | grep console | ||
55 | l-wx------ 1 root root 64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console | ||
56 | |||
57 | Then: | ||
58 | |||
59 | # ps aux|grep 579 | ||
60 | root 579 0.0 0.1 1088 436 ? S 00:43 0:00 gpm -t ps/2 | ||
61 | |||
62 | So `gpm' will be killed by SAK. This is a bug in gpm. It should | ||
63 | be closing standard input. You can work around this by finding the | ||
64 | initscript which launches gpm and changing it thusly: | ||
65 | |||
66 | Old: | ||
67 | |||
68 | daemon gpm | ||
69 | |||
70 | New: | ||
71 | |||
72 | daemon gpm < /dev/null | ||
73 | |||
74 | Vixie cron also seems to have this problem, and needs the same treatment. | ||
75 | |||
76 | Also, one prominent Linux distribution has the following three | ||
77 | lines in its rc.sysinit and rc scripts: | ||
78 | |||
79 | exec 3<&0 | ||
80 | exec 4>&1 | ||
81 | exec 5>&2 | ||
82 | |||
83 | These commands cause *all* daemons which are launched by the | ||
84 | initscripts to have file descriptors 3, 4 and 5 attached to | ||
85 | /dev/console. So SAK kills them all. A workaround is to simply | ||
86 | delete these lines, but this may cause system management | ||
87 | applications to malfunction - test everything well. | ||
88 | |||