Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2273194d authored by Mauro Carvalho Chehab's avatar Mauro Carvalho Chehab Committed by Jonathan Corbet
Browse files

SAK.txt: standardize document format 



Each text file under Documentation follows a different
format. Some doesn't even have titles!

Change its representation to follow the adopted standard,
using ReST markups for it to be parseable by Sphinx:

- mark document title;
- use :Author: and :Date: for authorship;
- adjust notation for literals and bold;
- mark literal blocks;
- adjust identation.

Signed-off-by: default avatarMauro Carvalho Chehab <mchehab@s-opensource.com>
Signed-off-by: default avatarJonathan Corbet <corbet@lwn.net>
parent af3137f1

Documentation/SAK.txt

+34 −31
Original line number Diff line number Diff line 
Linux 2.4.2 Secure Attention Key (SAK) handling

18 March 2001, Andrew Morton

=========================================

Linux Secure Attention Key (SAK) handling

=========================================



:Date: 18 March 2001

:Author: Andrew Morton



An operating system's Secure Attention Key is a security tool which is

provided as protection against trojan password capturing programs.  It
@@ -13,7 +17,7 @@ this sequence. It is only available if the kernel was compiled with 
sysrq support.



The proper way of generating a SAK is to define the key sequence using

`loadkeys'.  This will work whether or not sysrq support is compiled

``loadkeys``.  This will work whether or not sysrq support is compiled

into the kernel.



SAK works correctly when the keyboard is in raw mode.  This means that
@@ -25,22 +29,21 @@ What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot 
the machine.  CTRL-ALT-BACKSPACE is magical to the X server.  We'll

choose CTRL-ALT-PAUSE.



In your rc.sysinit (or rc.local) file, add the command

In your rc.sysinit (or rc.local) file, add the command::



	echo "control alt keycode 101 = SAK" | /bin/loadkeys



And that's it!  Only the superuser may reprogram the SAK key.





NOTES

=====

.. note::



1: Linux SAK is said to be not a "true SAK" as is required by

  1. Linux SAK is said to be not a "true SAK" as is required by

     systems which implement C2 level security.  This author does not

     know why.





2: On the PC keyboard, SAK kills all applications which have

  2. On the PC keyboard, SAK kills all applications which have

     /dev/console opened.



     Unfortunately this includes a number of things which you don't
@@ -49,38 +52,38 @@ NOTES 
     Linux distributor about this!



     You can identify processes which will be killed by SAK with the

   command

     command::



	# ls -l /proc/[0-9]*/fd/* | grep console

	l-wx------    1 root     root           64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console



   Then:

     Then::



	# ps aux|grep 579

	root       579  0.0  0.1  1088  436 ?        S    00:43   0:00 gpm -t ps/2



   So `gpm' will be killed by SAK.  This is a bug in gpm.  It should

     So ``gpm`` will be killed by SAK.  This is a bug in gpm.  It should

     be closing standard input.  You can work around this by finding the

     initscript which launches gpm and changing it thusly:



   Old:

     Old::



	daemon gpm



   New:

     New::



	daemon gpm < /dev/null



     Vixie cron also seems to have this problem, and needs the same treatment.



     Also, one prominent Linux distribution has the following three

   lines in its rc.sysinit and rc scripts:

     lines in its rc.sysinit and rc scripts::



	exec 3<&0

	exec 4>&1

	exec 5>&2



   These commands cause *all* daemons which are launched by the

     These commands cause **all** daemons which are launched by the

     initscripts to have file descriptors 3, 4 and 5 attached to

     /dev/console.  So SAK kills them all.  A workaround is to simply

     delete these lines, but this may cause system management