[393] in linux-security and linux-alert archive
Re: console security (was Re: problem with selection)
daemon@ATHENA.MIT.EDU (Zygo Blaxell)
Mon Sep 25 20:21:26 1995
From: Zygo Blaxell <zblaxell@miranda.uwaterloo.ca>
To: kjh@seas.smu.edu (Kenneth J. Hendrickson)
Date: Fri, 22 Sep 1995 04:16:32 -0400 (EDT)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0soqfY-000TqAC@seas.smu.edu> from "Kenneth J. Hendrickson" at Sep 2, 95 06:23:27 am
Quoted from Kenneth J. Hendrickson:
>
> Zygo Blaxell writes:
> >Console security really sucks on Linux.
>
> If anybody is sitting at the console they can do anything they want on
> any of the virtual console terminals anyway. In addition, there can be
> no security once access to physical hardware is possible.
Neither of these statements is necessarily true. If you are sitting at
my console, and you do not have a screwdriver, there is very little you
can do with it. The same is true of any Linux-based public workstation.
> Why put effort into fixing what can't be fixed?
Most Unix consoles are pretty secure. You can be assured that after
asserting DCD low followed by DCD high, for instance, that a serial
console is now presenting you with a real login prompt, not a program
the previous user left running. You can be assured that your console is
not being monitored, and will not be interfered with during the lifetime
of your session. You can assume that the keyboard keys have some
default mapping. And, on better consoles, you can hit a key which
assures that the console is now irretrievably disconnected from whatever
processes are currently running on it.
None of these are true for Linux; hence Linux console security sucks.
[mod: Linux has had the secure attention key for a very long time; it can
be enabled using setserial. Is there any indication that it doesn't
work? --okir]
--
Zygo Blaxell, former sysadmin and software/hardware guru for the University of
Waterloo Computer Science Club; current sysadmin for miranda.uwaterloo.ca and
Myrus Design, Inc. 10th place team, ACM Programming Contest International
Finals 1994. Will administer Unix (esp. Linux) for warm clothing or anime.
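
The message lists DCD state and a secure attention key among the properties of a trustworthy console, and the moderator's note says SAK can be enabled with setserial. As an added example (not part of the original message or of any project's code), this Linux-only script reads a serial line's flags and modem bits back from the kernel and reports whether the SAK flag is set and whether DCD is asserted. The function names and the sample buffer are constructed for illustration.

```python
"""Audit a Linux serial console line: is SAK-on-BREAK enabled, is DCD asserted?"""
import fcntl
import os
import struct
import sys
import termios

ASYNC_SAK = 0x0004       # linux/tty_flags.h, bit 2: the flag `setserial <dev> sak` sets
FLAGS_OFFSET = 16        # struct serial_struct: type, line, port, irq, then flags
SERIAL_BUF_LEN = 128     # larger than struct serial_struct on 32- and 64-bit builds
TIOCM_CAR = 0x040        # carrier detect (DCD) bit in the TIOCMGET result

# Constructed sample: a zeroed serial_struct with flags = ASYNC_SAK | 0x0001.
SAMPLE_RAW = bytes(16) + struct.pack("=i", ASYNC_SAK | 0x0001) + bytes(52)


def decode_serial_flags(raw):
    """Return the `flags` member of a raw struct serial_struct."""
    if len(raw) < FLAGS_OFFSET + 4:
        raise ValueError("buffer too short for struct serial_struct")
    return struct.unpack_from("=i", raw, FLAGS_OFFSET)[0]


def assess(flags, modem_bits):
    """Return findings for one line; an empty list means both checks pass."""
    findings = []
    if not flags & ASYNC_SAK:
        findings.append("SAK flag not set: BREAK will not invoke the secure attention key")
    if not modem_bits & TIOCM_CAR:
        findings.append("DCD not asserted: no carrier on this line")
    return findings


def probe(path):
    """Query a real serial device, e.g. /dev/ttyS0 (needs read access)."""
    # O_NONBLOCK so open() does not wait for carrier; O_NOCTTY so the line
    # never becomes this process's controlling terminal.
    fd = os.open(path, os.O_RDONLY | os.O_NOCTTY | os.O_NONBLOCK)
    try:
        raw = fcntl.ioctl(fd, termios.TIOCGSERIAL, bytes(SERIAL_BUF_LEN))
        modem = fcntl.ioctl(fd, termios.TIOCMGET, bytes(4))
    finally:
        os.close(fd)
    return assess(decode_serial_flags(raw), struct.unpack("=i", modem)[0])


if __name__ == "__main__":
    results = probe(sys.argv[1]) if len(sys.argv) > 1 else assess(
        decode_serial_flags(SAMPLE_RAW), 0)   # constructed sample, DCD low
    print("\n".join(results) or "SAK enabled and DCD asserted")
```

Run with a device path to query the kernel; with no argument it evaluates the constructed sample only.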