[11287] in bugtraq
vlock + magic SysRQ key
daemon@ATHENA.MIT.EDU (Luis M. Cruz)
Fri Aug 6 15:42:41 1999
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=8P1HSweYDcXXzwPJ; micalg=pgp-sha1;
protocol="application/pgp-signature"
Message-Id: <19990804181632.B239@failure.ddns.org>
Date: Wed, 4 Aug 1999 18:16:32 +0200
Reply-To: "Luis M. Cruz" <lcruzva@CLIENTES.UNICAJA.ES>
From: "Luis M. Cruz" <lcruzva@CLIENTES.UNICAJA.ES>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--8P1HSweYDcXXzwPJ
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: quoted-printable
Hi!
Sorry if somebody has noticed this before or is only a stupid remark, but
a few days ago I found that you can kill vlock (and similar programs that
lock all linux consoles) with the alt+sysrq+k key combination on LiNUX 2.2.X
and 2.3.X (if you enabled magic keys when you compiled the kernel) so
someone could bypass the console locking and althought he cannot access the
session where vlock was ejecuted (because it has been killed), he can access
the other posibly opened sessions on other consoles. So, if you have enabled
the magic keys, using "vlock -a" is not secure!.
--
Saludos del General...
_______ _ .-.-. .-. .-.---.---. --------- Coordinador de LiMA ------=
---
( ____ ) \| | | | | | | ) _ ) Asociaci=F3n de usuarios de LiNUX de M=
=E1laga
| |_ / _ \ | |_| \_/ | \ _) http://iaeste.cie.uma.es/lima
| _ )/_/ \_\|___)\___/|_|\_\___) --------------------------------------=
---
| |Correo-E: <luismc@failure.dhis.org> LiNUX Reg. User #58=
539
|_|Web: http://moon.inf.uji.es/~luismc failure en IRC-Hisp=
ano
PGP keyID's: 0x6848D470 (DSS) / 0x255E9505 (RSA)
--8P1HSweYDcXXzwPJ
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
MessageID: dRNWOCSh5g5loUr07nM8+3/7kofZkPPW
iQA/AwUBN6hnX8ENB1VoSNRwEQJYxACffx+WhNNEaHUsyQIRIE84Ew1rGhEAnAkK
xdNrqkjepNLN9h2k5Iq1kDp/
=ApSX
-----END PGP SIGNATURE-----
--8P1HSweYDcXXzwPJ--
