SAK.txt 3 KB
Newer Older
1 2 3 4 5 6
=========================================
Linux Secure Attention Key (SAK) handling
=========================================

:Date: 18 March 2001
:Author: Andrew Morton
Linus Torvalds's avatar
Linus Torvalds committed
7 8 9 10 11 12 13 14 15 16 17 18 19

An operating system's Secure Attention Key is a security tool which is
provided as protection against trojan password capturing programs.  It
is an undefeatable way of killing all programs which could be
masquerading as login applications.  Users need to be taught to enter
this key sequence before they log in to the system.

From the PC keyboard, Linux has two similar but different ways of
providing SAK.  One is the ALT-SYSRQ-K sequence.  You shouldn't use
this sequence.  It is only available if the kernel was compiled with
sysrq support.

The proper way of generating a SAK is to define the key sequence using
20
``loadkeys``.  This will work whether or not sysrq support is compiled
Linus Torvalds's avatar
Linus Torvalds committed
21 22 23 24 25 26 27 28 29 30 31
into the kernel.

SAK works correctly when the keyboard is in raw mode.  This means that
once defined, SAK will kill a running X server.  If the system is in
run level 5, the X server will restart.  This is what you want to
happen.

What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot
the machine.  CTRL-ALT-BACKSPACE is magical to the X server.  We'll
choose CTRL-ALT-PAUSE.

32
In your rc.sysinit (or rc.local) file, add the command::
Linus Torvalds's avatar
Linus Torvalds committed
33 34 35 36 37 38

	echo "control alt keycode 101 = SAK" | /bin/loadkeys

And that's it!  Only the superuser may reprogram the SAK key.


39
.. note::
Linus Torvalds's avatar
Linus Torvalds committed
40

41 42 43
  1. Linux SAK is said to be not a "true SAK" as is required by
     systems which implement C2 level security.  This author does not
     know why.
Linus Torvalds's avatar
Linus Torvalds committed
44 45


46 47
  2. On the PC keyboard, SAK kills all applications which have
     /dev/console opened.
Linus Torvalds's avatar
Linus Torvalds committed
48

49 50 51 52
     Unfortunately this includes a number of things which you don't
     actually want killed.  This is because these applications are
     incorrectly holding /dev/console open.  Be sure to complain to your
     Linux distributor about this!
Linus Torvalds's avatar
Linus Torvalds committed
53

54 55
     You can identify processes which will be killed by SAK with the
     command::
Linus Torvalds's avatar
Linus Torvalds committed
56 57 58 59

	# ls -l /proc/[0-9]*/fd/* | grep console
	l-wx------    1 root     root           64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console

60
     Then::
Linus Torvalds's avatar
Linus Torvalds committed
61 62 63 64

	# ps aux|grep 579
	root       579  0.0  0.1  1088  436 ?        S    00:43   0:00 gpm -t ps/2

65 66 67
     So ``gpm`` will be killed by SAK.  This is a bug in gpm.  It should
     be closing standard input.  You can work around this by finding the
     initscript which launches gpm and changing it thusly:
Linus Torvalds's avatar
Linus Torvalds committed
68

69
     Old::
Linus Torvalds's avatar
Linus Torvalds committed
70 71 72

	daemon gpm

73
     New::
Linus Torvalds's avatar
Linus Torvalds committed
74 75 76

	daemon gpm < /dev/null

77
     Vixie cron also seems to have this problem, and needs the same treatment.
Linus Torvalds's avatar
Linus Torvalds committed
78

79 80
     Also, one prominent Linux distribution has the following three
     lines in its rc.sysinit and rc scripts::
Linus Torvalds's avatar
Linus Torvalds committed
81 82 83 84 85

	exec 3<&0
	exec 4>&1
	exec 5>&2

86 87 88 89 90
     These commands cause **all** daemons which are launched by the
     initscripts to have file descriptors 3, 4 and 5 attached to
     /dev/console.  So SAK kills them all.  A workaround is to simply
     delete these lines, but this may cause system management
     applications to malfunction - test everything well.
Linus Torvalds's avatar
Linus Torvalds committed
91