Back to home page

LXR

 
 

    


0001 Linux 2.4.2 Secure Attention Key (SAK) handling
0002 18 March 2001, Andrew Morton
0003 
0004 An operating system's Secure Attention Key is a security tool which is
0005 provided as protection against trojan password capturing programs.  It
0006 is an undefeatable way of killing all programs which could be
0007 masquerading as login applications.  Users need to be taught to enter
0008 this key sequence before they log in to the system.
0009 
0010 From the PC keyboard, Linux has two similar but different ways of
0011 providing SAK.  One is the ALT-SYSRQ-K sequence.  You shouldn't use
0012 this sequence.  It is only available if the kernel was compiled with
0013 sysrq support.
0014 
0015 The proper way of generating a SAK is to define the key sequence using
0016 `loadkeys'.  This will work whether or not sysrq support is compiled
0017 into the kernel.
0018 
0019 SAK works correctly when the keyboard is in raw mode.  This means that
0020 once defined, SAK will kill a running X server.  If the system is in
0021 run level 5, the X server will restart.  This is what you want to
0022 happen.
0023 
0024 What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot
0025 the machine.  CTRL-ALT-BACKSPACE is magical to the X server.  We'll
0026 choose CTRL-ALT-PAUSE.
0027 
0028 In your rc.sysinit (or rc.local) file, add the command
0029 
0030         echo "control alt keycode 101 = SAK" | /bin/loadkeys
0031 
0032 And that's it!  Only the superuser may reprogram the SAK key.
0033 
0034 
0035 NOTES
0036 =====
0037 
0038 1: Linux SAK is said to be not a "true SAK" as is required by
0039    systems which implement C2 level security.  This author does not
0040    know why.
0041 
0042 
0043 2: On the PC keyboard, SAK kills all applications which have
0044    /dev/console opened.
0045 
0046    Unfortunately this includes a number of things which you don't
0047    actually want killed.  This is because these applications are
0048    incorrectly holding /dev/console open.  Be sure to complain to your
0049    Linux distributor about this!
0050 
0051    You can identify processes which will be killed by SAK with the
0052    command
0053 
0054         # ls -l /proc/[0-9]*/fd/* | grep console
0055         l-wx------    1 root     root           64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console
0056 
0057    Then:
0058 
0059         # ps aux|grep 579
0060         root       579  0.0  0.1  1088  436 ?        S    00:43   0:00 gpm -t ps/2
0061 
0062    So `gpm' will be killed by SAK.  This is a bug in gpm.  It should
0063    be closing standard input.  You can work around this by finding the
0064    initscript which launches gpm and changing it thusly:
0065 
0066    Old:
0067 
0068         daemon gpm
0069 
0070    New:
0071 
0072         daemon gpm < /dev/null
0073 
0074    Vixie cron also seems to have this problem, and needs the same treatment.
0075 
0076    Also, one prominent Linux distribution has the following three
0077    lines in its rc.sysinit and rc scripts:
0078 
0079         exec 3<&0
0080         exec 4>&1
0081         exec 5>&2
0082 
0083    These commands cause *all* daemons which are launched by the
0084    initscripts to have file descriptors 3, 4 and 5 attached to
0085    /dev/console.  So SAK kills them all.  A workaround is to simply
0086    delete these lines, but this may cause system management
0087    applications to malfunction - test everything well.
0088