1 ========================================= 1 =========================================
2 Linux Secure Attention Key (SAK) handling 2 Linux Secure Attention Key (SAK) handling
3 ========================================= 3 =========================================
4 4
5 :Date: 18 March 2001 5 :Date: 18 March 2001
6 :Author: Andrew Morton 6 :Author: Andrew Morton
7 7
8 An operating system's Secure Attention Key is 8 An operating system's Secure Attention Key is a security tool which is
9 provided as protection against trojan password 9 provided as protection against trojan password capturing programs. It
10 is an undefeatable way of killing all programs 10 is an undefeatable way of killing all programs which could be
11 masquerading as login applications. Users nee 11 masquerading as login applications. Users need to be taught to enter
12 this key sequence before they log in to the sy 12 this key sequence before they log in to the system.
13 13
14 From the PC keyboard, Linux has two similar bu 14 From the PC keyboard, Linux has two similar but different ways of
15 providing SAK. One is the ALT-SYSRQ-K sequenc 15 providing SAK. One is the ALT-SYSRQ-K sequence. You shouldn't use
16 this sequence. It is only available if the ke 16 this sequence. It is only available if the kernel was compiled with
17 sysrq support. 17 sysrq support.
18 18
19 The proper way of generating a SAK is to defin 19 The proper way of generating a SAK is to define the key sequence using
20 ``loadkeys``. This will work whether or not s 20 ``loadkeys``. This will work whether or not sysrq support is compiled
21 into the kernel. 21 into the kernel.
22 22
23 SAK works correctly when the keyboard is in ra 23 SAK works correctly when the keyboard is in raw mode. This means that
24 once defined, SAK will kill a running X server 24 once defined, SAK will kill a running X server. If the system is in
25 run level 5, the X server will restart. This 25 run level 5, the X server will restart. This is what you want to
26 happen. 26 happen.
27 27
28 What key sequence should you use? Well, CTRL-A 28 What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot
29 the machine. CTRL-ALT-BACKSPACE is magical to 29 the machine. CTRL-ALT-BACKSPACE is magical to the X server. We'll
30 choose CTRL-ALT-PAUSE. 30 choose CTRL-ALT-PAUSE.
31 31
32 In your rc.sysinit (or rc.local) file, add the 32 In your rc.sysinit (or rc.local) file, add the command::
33 33
34 echo "control alt keycode 101 = SAK" | 34 echo "control alt keycode 101 = SAK" | /bin/loadkeys
35 35
36 And that's it! Only the superuser may reprogr 36 And that's it! Only the superuser may reprogram the SAK key.
37 37
38 38
39 .. note:: 39 .. note::
40 40
41 1. Linux SAK is said to be not a "true SAK" 41 1. Linux SAK is said to be not a "true SAK" as is required by
42 systems which implement C2 level security 42 systems which implement C2 level security. This author does not
43 know why. 43 know why.
44 44
45 45
46 2. On the PC keyboard, SAK kills all applica 46 2. On the PC keyboard, SAK kills all applications which have
47 /dev/console opened. 47 /dev/console opened.
48 48
49 Unfortunately this includes a number of t 49 Unfortunately this includes a number of things which you don't
50 actually want killed. This is because th 50 actually want killed. This is because these applications are
51 incorrectly holding /dev/console open. B 51 incorrectly holding /dev/console open. Be sure to complain to your
52 Linux distributor about this! 52 Linux distributor about this!
53 53
54 You can identify processes which will be 54 You can identify processes which will be killed by SAK with the
55 command:: 55 command::
56 56
57 # ls -l /proc/[0-9]*/fd/* | grep conso 57 # ls -l /proc/[0-9]*/fd/* | grep console
58 l-wx------ 1 root root 58 l-wx------ 1 root root 64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console
59 59
60 Then:: 60 Then::
61 61
62 # ps aux|grep 579 62 # ps aux|grep 579
63 root 579 0.0 0.1 1088 436 ? 63 root 579 0.0 0.1 1088 436 ? S 00:43 0:00 gpm -t ps/2
64 64
65 So ``gpm`` will be killed by SAK. This i 65 So ``gpm`` will be killed by SAK. This is a bug in gpm. It should
66 be closing standard input. You can work 66 be closing standard input. You can work around this by finding the
67 initscript which launches gpm and changin 67 initscript which launches gpm and changing it thusly:
68 68
69 Old:: 69 Old::
70 70
71 daemon gpm 71 daemon gpm
72 72
73 New:: 73 New::
74 74
75 daemon gpm < /dev/null 75 daemon gpm < /dev/null
76 76
77 Vixie cron also seems to have this proble 77 Vixie cron also seems to have this problem, and needs the same treatment.
78 78
79 Also, one prominent Linux distribution ha 79 Also, one prominent Linux distribution has the following three
80 lines in its rc.sysinit and rc scripts:: 80 lines in its rc.sysinit and rc scripts::
81 81
82 exec 3<&0 82 exec 3<&0
83 exec 4>&1 83 exec 4>&1
84 exec 5>&2 84 exec 5>&2
85 85
86 These commands cause **all** daemons whic 86 These commands cause **all** daemons which are launched by the
87 initscripts to have file descriptors 3, 4 87 initscripts to have file descriptors 3, 4 and 5 attached to
88 /dev/console. So SAK kills them all. A 88 /dev/console. So SAK kills them all. A workaround is to simply
89 delete these lines, but this may cause sy 89 delete these lines, but this may cause system management
90 applications to malfunction - test everyt 90 applications to malfunction - test everything well.
91 91
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.