[Secure-testing-team] Re: kernel allows loadkeys to be used by any user, allowing for local root compromise

[Krzysztof Halasa]

Rudolf Polzer <debian-ne at durchnull.de> writes:

> That does not help against the loadkeys issue if the attacking user is still
> logged in on another virtual console. Even when tty1 is active, a user owning
> tty6 can use loadkeys.

Sure. The problem is that mappings are shared between VCs but anyway
it's solved by disabling user changes.
I don't think there is a solution here, easier than hardware reset.
As for "server" machines (not simple terminals), physical locking is
critical.

> Well, sometimes you have problems that powercycling would "hide" so you can't
> track them down if you powercycle the whole computer every time.

In security-sensitive instalation, you simply don't expose the computers
to non-admins.

> For using foreign languages and keyboard mappings.

Hope they don't change the keys in the process.
Anyway, most people don't need that nor they need suid-wrapper.

BTW: there are similar problems with serial access: users can play
with termio(s) settings (especially CLOCAL flag) and fake
login/password requests. Unless the getty programs are fixed,
you don't want to connect dial-in modems to a machine with user
accounts. Not a kernel thing, though - Linux has termios locking
for 10+ yrs.
-- 
Krzysztof Halasa