From: Bill Davidsen <davidsen@tmr.com>
To: Paul Jakma <paul@clubi.ie>
Cc: Horms <horms@verge.net.au>,
linux-kernel@vger.kernel.org,
Rudolf Polzer <debian-ne@durchnull.de>,
334113@bugs.debian.org, Alastair McKinstry <mckinstry@debian.org>,
security@kernel.org, team@security.debian.org,
secure-testing-team@lists.alioth.debian.org
Subject: Re: kernel allows loadkeys to be used by any user, allowing for local root compromise
Date: Thu, 20 Oct 2005 19:22:35 -0400 [thread overview]
Message-ID: <435826BB.1030809@tmr.com> (raw)
In-Reply-To: <Pine.LNX.4.63.0510200340280.3396@sheen.jakma.org>
Paul Jakma wrote:
> On Tue, 18 Oct 2005, Krzysztof Halasa wrote:
>
>> OTOH I don't know why ordinary users should be allowed to change key
>> bindings.
>
>
> I like to load a custom keymap to swap ctrl and caps-lock.
>
> I'd like to keep that ability, but I'd much prefer if it didn't affect
> all VTs, and if it didn't persist past the end of my session.
I believe in security, no matter how inconvenient, but it would be
desirable to allow the user to reload the keymap, and the character set
as well, only for the session in use. The solution would seem to lie in
having an unchanging SAK key, and on exit from a session absolutely
reset everything.
Clearly this would take some rethinking and a fair amount of work, so
the right thing to do is use capabilities to block misuse until/unless
convenience can be made secure.
Key mapping as a whole sucks, you have the map you get in a vt, which is
ignored by X which maps its own, except when an X app remaps it yet
again locally. Lots of room for both evil and stupidity.
--
-bill davidsen (davidsen@tmr.com)
"The secret to procrastination is to put things off until the
last possible moment - but no longer" -me
next prev parent reply other threads:[~2005-10-20 23:22 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <E1EQofT-0001WP-00@master.debian.org>
2005-10-18 4:41 ` kernel allows loadkeys to be used by any user, allowing for local root compromise Horms
2005-10-18 6:52 ` [Security] " Andrew Morton
2005-10-18 8:59 ` Horms
2005-10-18 14:42 ` Krzysztof Halasa
2005-10-18 17:16 ` Rudolf Polzer
2005-10-18 18:41 ` Krzysztof Halasa
2005-10-18 20:49 ` Rudolf Polzer
2005-10-19 11:18 ` Krzysztof Halasa
2005-10-19 13:23 ` Rudolf Polzer
2005-10-19 19:32 ` Krzysztof Halasa
2005-10-19 20:24 ` Rudolf Polzer
2005-10-19 22:57 ` Krzysztof Halasa
2005-10-19 23:12 ` Rudolf Polzer
2005-10-20 15:05 ` Krzysztof Halasa
2005-10-19 4:14 ` [Secure-testing-team] " Anthony DeRobertis
2005-10-19 11:00 ` Krzysztof Halasa
2005-10-20 2:42 ` Paul Jakma
2005-10-20 23:22 ` Bill Davidsen [this message]
2005-10-18 21:19 ` [Secure-testing-team] " Moritz Muehlenhoff
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=435826BB.1030809@tmr.com \
--to=davidsen@tmr.com \
--cc=334113@bugs.debian.org \
--cc=debian-ne@durchnull.de \
--cc=horms@verge.net.au \
--cc=linux-kernel@vger.kernel.org \
--cc=mckinstry@debian.org \
--cc=paul@clubi.ie \
--cc=secure-testing-team@lists.alioth.debian.org \
--cc=security@kernel.org \
--cc=team@security.debian.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox