Re: Is `loadkeys' a security risk?

To: karlheg@debian.org (Karl M. Hegbloom)
Cc: debian-devel@lists.debian.org
Subject: Re: Is `loadkeys' a security risk?
From: Goswin Brederlow <goswin.brederlow@student.uni-tuebingen.de>
Date: 07 Jul 1999 11:26:42 +0200
Message-id: <[🔎] 87908shktp.fsf@rut.informatik.uni-tuebingen.de>
In-reply-to: karlheg@debian.org's message of "04 Jul 1999 18:19:14 -0700"
References: <[🔎] 87d7y7ki5p.fsf@journeyhawk.sysc.pdx.edu>

karlheg@debian.org (Karl M. Hegbloom) writes:

>  If any user who has read access to /dev/console can run loadkeys, as
>  it says in the `loadkeys' man page, then it seems to me that anyone
>  could reset the keymap to either an unusable one, or one where a key
>  has been set to a string like "cd /; rm -rf /^M" or something.
> 
>  Is my fear unfounded?  I can't imagine being the only person to have
>  thought of this.  Why isn't the `loadkeys' functionality protected,
>  perhaps with a sysctl switch?  (Or is it?  If so, why isn't that
>  documented in the `loadkeys' man page?)

Your right, you can eaysily trash the keymap to be unusable and thus
make a deniel of service attack.
Samve for X, you can use xmodmap to make X unuseable and unkillable.
How should you change back to console without a ctrl key? And what if
the console was trashed with loadkey as well?

My opinion is that nobody but root should be allowed to do that stuff, 
but other might disagree with me there.

May the Source be with you.
			Goswin

Reply to:

Follow-Ups:
- Re: Is `loadkeys' a security risk?
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>

References:
- Is `loadkeys' a security risk?
  - From: karlheg@debian.org (Karl M. Hegbloom)

Prev by Date: Re: Pentium Optimized
Next by Date: Re: Clarification: Eliminate nagging at installation time?
Previous by thread: Is `loadkeys' a security risk?
Next by thread: Re: Is `loadkeys' a security risk?
Index(es):
- Date
- Thread