Re: security / kbd

From: Bodo Eggert
Date: Fri Dec 02 2005 - 19:19:44 EST


Andries Brouwer <Andries.Brouwer@xxxxxx> wrote:

> Recently I muttered a little bit about the fact that everybody who
> can mount filesystems using an "auto" fstab filesystem type entry
> (or using e.g. an "ext2" entry) can crash the system.
> But nobody on lk seems impressed.
> Of course, one can always say that it is the distribution's fault,
> or the sysadmin's fault to have such fstab entries.
> Still, I think the situation can be improved.

Yes, by fixing the file systems or by implementing safe user mounts. It will
be something like fuse, maybe it will be fuse using a userspace version
of a kernel thread. Maybe not.

> On the other hand, I am told that recent kernels restrict the use of
> loadkeys to root. If so, an unfortunate choice. People want to switch
> unicode support on/off, or go from/to a dvorak keymap.
> What was the security problem?

It's global, and it can be done remotely. Therefore you can either have
remote logins or a secure console.

The correct fix would be binding the keymap to the current tty only,
resetting the console if it gets closed and not allowing init to reuse
it unless it's closed. If you do this, you'll want a default setting, too.

YANI: Root should be able to set a coloured border indicating that it's
really the getty/login process asking for the user prompt/password.
--
Ich danke GMX dafür, die Verwendung meiner Adressen mittels per SPF
verbreiteten Lügen zu sabotieren.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/