In my tutorial yesterday a Robert Dorn <selinuxat_private> discovered a bug in the way SE Linux/LSM operates.

If you log in to a virtual console as an unprivileged user you can use "loadkeys" to change the keyboard mapping for everything apart from the SAK sequence. This can allow you to arbitrarily re-program the keyboard, which can make it impossible to log in (define it such that there is no ENTER key) or make a common key perform a bad function such as "; mkfs /dev/hda".

You can do this whenever you are logged in at the console, but if there are a number of virtual consoles open then you could change to a console that's not commonly used and then run a program that takes input from the network to determine keyboard mappings (and then wait for someone to log in at the console and control what they can do).

One partial solution to this is to have a getty wrapper which runs "loadkeys -d", which solves the problem of a hostile user remapping the keyboard and logging out. But it doesn't solve the problem of a hostile user remapping the keyboard from a program that's still in a login session on another virtual console.

One potential solution to this would be to have the SAK sequence trigger a relabel of all the devices that have gettys to their default type before running "loadkeys -d". Then you just have to get into the habit of "SAK before login" (which you should have anyway).

But it would be better if we could just catch such remappings in SE policy; in 99% of all machines there is no cause for the user to remap the keyboard.

-- 
I do not get viruses because I do not use MS software.
If you use Outlook then please do not put my email address in your address-book so that WHEN you get a virus it won't use my address in the From field.
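The getty wrapper described in the message above, as an added example that is not part of the original post: it runs "loadkeys -d" before each login prompt and also fingerprints the keymap with dumpkeys so that a reset which actually changed something is logged. The tool paths, the wrapper name getty-wrapper, the syslog priorities and the fail-closed choice are assumptions.

```shell
#!/bin/sh
# Added example: getty wrapper that restores the default keymap before each
# login prompt and logs when the keymap it found was not the default.
# Paths are assumptions; override them via the environment for your system.
LOADKEYS=${LOADKEYS:-/bin/loadkeys}
DUMPKEYS=${DUMPKEYS:-/bin/dumpkeys}
GETTY=${GETTY:-/sbin/getty}
LOGGER=${LOGGER:-/usr/bin/logger}

keymap_sum() {
    # Fingerprint of the kernel's current key translation table.
    # If dumpkeys is unavailable the fingerprint is constant (no detection).
    "$DUMPKEYS" 2>/dev/null | cksum
}

# Returns 0 if the keymap was already the default, 1 if it had been changed
# and was reset, 2 if the reset itself failed.
reset_keymap() {
    before=$(keymap_sum)
    if ! "$LOADKEYS" -d >/dev/null 2>&1; then
        "$LOGGER" -p auth.err "getty-wrapper: loadkeys -d failed"
        return 2
    fi
    after=$(keymap_sum)
    if [ "$before" != "$after" ]; then
        "$LOGGER" -p auth.warning "getty-wrapper: keymap was not default; reset"
        return 1
    fi
    return 0
}

main() {
    rc=0
    reset_keymap || rc=$?
    # Policy choice (assumption): fail closed. Without a known-good keymap,
    # do not present a login prompt on this console.
    if [ "$rc" -eq 2 ]; then exit 1; fi
    # e.g. inittab: 1:2345:respawn:/sbin/getty-wrapper 38400 tty1
    exec "$GETTY" "$@"
}

# Run only when installed under the (hypothetical) wrapper name.
case "${0##*/}" in
    getty-wrapper*) main "$@" ;;
esac
```

As the message notes, this only covers remapping done before logout; a process still running in a session on another virtual console can remap again after the reset.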
This archive was generated by hypermail 2b30 : Thu Sep 05 2002 - 04:04:59 PDT