[Secure-testing-team] Re: kernel allows loadkeys to be used by any
user, allowing for local root compromise
Krzysztof Halasa
khc at pm.waw.pl
Wed Oct 19 19:32:53 UTC 2005
Rudolf Polzer <debian-ne at durchnull.de> writes:
>> Ok. So they are exposed to known attacks with quite high probability.
>
> Which others? Are there other places that assume only trusted users can
> access
> the console?
Probably: BIOS booting, messing with computer cases (are the computers
in locked room and only kbds/monitors/mouses are accessible?), sniffing
keyboard cables (all other passwords if not root's), physical damage
to the computer hardware (some kind of DoS).
Still, may be adequate for student room.
>> I assume that one can notice that Ctrl-Alt-Backspace doesn't work,
>> and stop there.
>
> Not if a malicious X program does "chvt 1; chvt 7" when Ctrl-Alt-Backspace is
> pressed.
With correct timing, possibly. Depends on how the graphics driver starts
and switches from text mode. There might be noticeable differences.
> It would require a video driver that can actually reset the video mode.
> Framebuffer drivers usually can do that. For the standard VGA text mode, at
> least savetextmode/restoretextmode from svgalib don't work on the graphics
> cards I have.
I think Xserver could terminate gracefully. But it would require changes
to kernel SAK handling I think - not sure if it's worth it, given other
threats.
Another idea: if the machines are ACPI-enabled and have "soft-power"
buttons, one can make use of acpid.
--
Krzysztof Halasa
More information about the Secure-testing-team
mailing list