[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Is `loadkeys' a security risk?

 If any user who has read access to /dev/console can run loadkeys, as
 it says in the `loadkeys' man page, then it seems to me that anyone
 could reset the keymap to either an unusable one, or one where a key
 has been set to a string like "cd /; rm -rf /^M" or something.

 Is my fear unfounded?  I can't imagine being the only person to have
 thought of this.  Why isn't the `loadkeys' functionality protected,
 perhaps with a sysctl switch?  (Or is it?  If so, why isn't that
 documented in the `loadkeys' man page?)

Reply to: