SAK.txt 2.8 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
  1. Linux 2.4.2 Secure Attention Key (SAK) handling
  2. 18 March 2001, Andrew Morton
  3. An operating system's Secure Attention Key is a security tool which is
  4. provided as protection against trojan password capturing programs. It
  5. is an undefeatable way of killing all programs which could be
  6. masquerading as login applications. Users need to be taught to enter
  7. this key sequence before they log in to the system.
  8. From the PC keyboard, Linux has two similar but different ways of
  9. providing SAK. One is the ALT-SYSRQ-K sequence. You shouldn't use
  10. this sequence. It is only available if the kernel was compiled with
  11. sysrq support.
  12. The proper way of generating a SAK is to define the key sequence using
  13. `loadkeys'. This will work whether or not sysrq support is compiled
  14. into the kernel.
  15. SAK works correctly when the keyboard is in raw mode. This means that
  16. once defined, SAK will kill a running X server. If the system is in
  17. run level 5, the X server will restart. This is what you want to
  18. happen.
  19. What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot
  20. the machine. CTRL-ALT-BACKSPACE is magical to the X server. We'll
  21. choose CTRL-ALT-PAUSE.
  22. In your rc.sysinit (or rc.local) file, add the command
  23. echo "control alt keycode 101 = SAK" | /bin/loadkeys
  24. And that's it! Only the superuser may reprogram the SAK key.
  25. NOTES
  26. =====
  27. 1: Linux SAK is said to be not a "true SAK" as is required by
  28. systems which implement C2 level security. This author does not
  29. know why.
  30. 2: On the PC keyboard, SAK kills all applications which have
  31. /dev/console opened.
  32. Unfortunately this includes a number of things which you don't
  33. actually want killed. This is because these applications are
  34. incorrectly holding /dev/console open. Be sure to complain to your
  35. Linux distributor about this!
  36. You can identify processes which will be killed by SAK with the
  37. command
  38. # ls -l /proc/[0-9]*/fd/* | grep console
  39. l-wx------ 1 root root 64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console
  40. Then:
  41. # ps aux|grep 579
  42. root 579 0.0 0.1 1088 436 ? S 00:43 0:00 gpm -t ps/2
  43. So `gpm' will be killed by SAK. This is a bug in gpm. It should
  44. be closing standard input. You can work around this by finding the
  45. initscript which launches gpm and changing it thusly:
  46. Old:
  47. daemon gpm
  48. New:
  49. daemon gpm < /dev/null
  50. Vixie cron also seems to have this problem, and needs the same treatment.
  51. Also, one prominent Linux distribution has the following three
  52. lines in its rc.sysinit and rc scripts:
  53. exec 3<&0
  54. exec 4>&1
  55. exec 5>&2
  56. These commands cause *all* daemons which are launched by the
  57. initscripts to have file descriptors 3, 4 and 5 attached to
  58. /dev/console. So SAK kills them all. A workaround is to simply
  59. delete these lines, but this may cause system management
  60. applications to malfunction - test everything well.