bug in SE Linux / LSM

From: Russell Coker (russellat_private)
Date: Thu Sep 05 2002 - 04:03:29 PDT


    In my tutorial yesterday a Robert Dorn <selinuxat_private>
    discovered a bug in the way SE Linux/LSM operates.
    
    If you log in to a virtual console as an unprivileged user you can use 
    "loadkeys" to change the keyboard mapping for everything apart from the SAK 
    sequence.
    
    This can allow you to arbitrarily re-program the keyboard which can make it 
    impossible to log in (define it such that there is no ENTER key) or so that a 
    common key performs a bad function such as "; mkfs /dev/hda".
    
    You can do this whenever you are logged in at the console, but if there are a 
    number of virtual consoles open then you could change to a console that's not 
    commonly used and then run a program that takes input from the network to 
    determine keyboard mappings (and then wait for someone to log in at the 
    console and control what they can do).
    
    One partial solution to this is to have a getty wrapper which runs "loadkeys 
    -d", which solves the problem of a hostile user remapping the keyboard and 
    logging out.  But it doesn't solve the problem of a hostile user remapping 
    the keyboard from a program that's still in a login session on another 
    virtual console.
    
    One potential solution to this would be to have the SAK sequence trigger a 
    relabel of all the devices that have gettys to their default type before 
    running "loadkeys -d".  Then you just have to get into the habit of "SAK 
    before login" (which you should have anyway).
    
    But it would be better if we could just catch such remappings in SE policy; in 
    99% of all machines there is no cause for the user to remap the keyboard.
    
    -- 
    I do not get viruses because I do not use MS software.
    If you use Outlook then please do not put my email address in your
    address-book so that WHEN you get a virus it won't use my address in the
    From field.
    
    



    This archive was generated by hypermail 2b30 : Thu Sep 05 2002 - 04:04:59 PDT