Re: Why Sysrq+k does not offer a trusted path

From: Bernd Eckenfels
Date: Mon Sep 29 2003 - 02:23:49 EST

Next message: viro: "Re: Why Sysrq+k does not offer a trusted path"
Previous message: Rusty Russell: "[PATCH] Many groups patch."
In reply to: Oliver Tennert: "Why Sysrq+k does not offer a trusted path"
Next in thread: viro: "Re: Why Sysrq+k does not offer a trusted path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In article <Pine.LNX.4.44.0309290836460.16991-100000@xxxxxxxxxxxxxxxxxxxxxxxxxxx> you wrote:
> Thus it is a more secure way to offer a real SAK.

Well, root can still disabled it, for example by debugging kernel memory.
Generally, unless you ise priveledges, you cant avoid having root disable
SAK. But this is not the real problem anyway. SAK is supposed to protect
users from other non priveledged users. The main problem with SAK are
various graphical console modes, which cant be easyly restored. I think
currently SAK is not interpreted in all keyboard modes, do avoid somebody to
kill off the console in a inconsitent state. There are for example some
X-Servers which need to reset the text mode by themself or the display is
lost.

Greetings
Bernd
--
eckes privat - http://www.eckes.org/
Project Freefire - http://www.freefire.org/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: viro: "Re: Why Sysrq+k does not offer a trusted path"
Previous message: Rusty Russell: "[PATCH] Many groups patch."
In reply to: Oliver Tennert: "Why Sysrq+k does not offer a trusted path"
Next in thread: viro: "Re: Why Sysrq+k does not offer a trusted path"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]