DRI3000
DRI3000
Posted Feb 22, 2013 9:09 UTC (Fri) by Serge (guest, #84957)In reply to: DRI3000 by lindi
Parent article: LCA: The X-men speak
That would be Alt+SysRq+K (Secure Access Key aka SAK) under text console and/or Ctrl+Alt+Backspace under X. Supported by any Linux distribution. However some distributions turn them off by default.
Posted Feb 22, 2013 9:49 UTC (Fri)
by khim (subscriber, #9252)
[Link] (6 responses)
Posted Feb 22, 2013 19:58 UTC (Fri)
by Serge (guest, #84957)
[Link] (5 responses)
Sure, they work differently, but they solve the same problem. Think about it, what do you actually need this feature for? It won't protect you from virus deleting all files of your user. It won't help you against trojan, looking for your bank account. There's basically ONE problem that it should protect you from.
Imagine a public machine that different users can log in to. It does not matter, is it windows, linux, graphical or text terminal. User just comes, logs in, does the job and logs out, another user comes, etc. Now one of users creates a "fake-login-program" that looks exactly like a login screen, runs that program and goes home. Another user comes, thinks that it's a real login screen, enters login/password, and "fake-login-program" sends them to the author. That's the problem.
And that's the moment when you need those keys. If you're going to log in to a public Windows machine, you first hit Ctrl+Alt+Del, just in case, and then enter login/password. Same when you come to a public Linux machine, whatever you see on a screen, you first hit "Secure Access Key" (if there's something running, it gets killed, getty will respawn), then enter login/password. That's just another (better) solution to the same problem.
> (and can be used for forensic purposes without immediately killing everything or to just securely lock/unlock workstation's screen).
You can Ctrl+Alt+F1...F6, SAK, log in as root and "only guaranteed secure set of programs" will work there for you. Windows just don't have such a simple thing. :)
Posted Feb 23, 2013 15:19 UTC (Sat)
by khim (subscriber, #9252)
[Link] (4 responses)
Heh. I don't need to imagine that. This is exactly where we use Ctrl-Alt-Del on Windows the most. Yes, it does matter. Very much so. Sorry, but this is where you conveniently change your usecase to make sure you'll win the argument. Why would I log out? In our case it's pretty beefy test Windows system (actually few Windows systems: Windows XP, Windows Vista, Windows 7, Windows 8, etc) which is shared with many other developers. It's pretty beefy system so we don't log out out of it, but use Ctrl-Alt-Del to lock it instead. When machine is locked (and it's usually locked) I can press Ctrl-Alt-Del to guarantee that I'm at the login screen, log into the system as me (all my programs and windows are where I left them), then, when I'm done with testing, lock the screen again. It's safe because all the places where I enter password are under control of the administrator or me, other people's sessions never see my password. Is this a joke? Let's compare. Windows "awful solution": Linux's "better" solution: Do you really believe this convoluted dance which you need to perform again if you left the system for the 3 minutes to go to WC is somehow better then Windows approach? It looks like your information is out of date (as usual for Linux pundit). Windows received this ability in Windows Vista which is six year old by now! Before that it was impossible to combine secure Ctrl-Alt-Del with domains which made this approach not all that practically usable. Microsoft fixed it's usability problem and now it's pleasure to use (and quite safe to boot) while Linux pundits continue to preach that their beloved Linux has perfect solution while in fact it's approach is clearly inferior (it may be theoretically slightly more safe, but in practice it's very easy to use it in unsafe way and quite hard to use it in safe way which means that in practice it's worse). Both Linux and Windows continue to evolve and while some places where Linux is better still remain Windows is better in many, many aspects. Ctrl-Alt-Del vs Alt+SysRq+K/Ctrl+Alt+Backspace is one of them. Think about it: why Ctrl+Alt+Backspace is disabled on many [most?] Linux distributions? It's for a reason! This approach is dangerous: it's very easy to accidentally lose your data. Windows's approach, on the other hand, is not just safe - it's pleasure to use!
Posted Feb 23, 2013 22:12 UTC (Sat)
by Serge (guest, #84957)
[Link] (3 responses)
Good. Many people have a dedicated machine, often more than one, they need neither C-A-Del, nor C-A-BS, nor SAK, they just lock screen and don't worry about such things.
> this is where you conveniently change your usecase to make sure you'll win the argument. Why would I log out?
I explained a more complex case, since I wasn't sure what you actually want. What you have described is a regular switch user (http://i.imgur.com/uhIeO.png) feature that is supported in every distribution around.
To protect from someone creating a screensaver-like tool with fake "Switch User" button, you can configure display manager to autologin on tty1 and run a single program with the large "Switch User" button on it. After that to be safe every time you want to enter the password you press Ctrl+Alt+F1. :)
> Windows received this ability in Windows Vista which is six year old by now!
That's another ability. Under Linux on any virtual console you can run arbitrary "guaranteed secure set of programs", anything you want, not just winlogon dialog.
> Both Linux and Windows continue to evolve and while some places where Linux is better still remain Windows is better in many, many aspects.
Windows is usually better if you got used to it and its bugs. Windows is also often better when it works right out of the box and does exactly what you want. But when you want more, or want to optimize it for your needs, it's easier to configure linux then fight with windows. IMHO, of course.
Posted Feb 23, 2013 23:10 UTC (Sat)
by lindi (subscriber, #53135)
[Link] (2 responses)
Before we can assess the security of your solution I think you need to first implement it. Before we can assess the usability of your solution I think you need at least a few hundred users. Sorry but the devil is usually in the implementation details :) Also, constantly running a second X server on tty1 wastes memory.
Posted Feb 24, 2013 13:19 UTC (Sun)
by khim (subscriber, #9252)
[Link]
This waste is limited and should be similar to what Windows wastes for it's own login screen. So that's not a problem. This is a problem. Serge may argue that his solution is perfect (because it's not implemented and thus you can not argue about it's weaknesses) while I argue that it's extremely bad: solution which exists and is used is always more secure on practice then another solution which does not exist and is only imagined by someone.
Posted Feb 25, 2013 10:46 UTC (Mon)
by Serge (guest, #84957)
[Link]
It's easy. Create user "switcher", configure your DM to autologin it, and set its session to a shell script like this:
while true; do if zenity --info --text 'Switch Session'; then gdmflexiserver; fi; done
Just tested it with Ubuntu and LightDM.
> Before we can assess the usability of your solution I think you need at least a few hundred users.
How are you going to find them? Most people don't need it. Those few who really need it are skilled enough to write one-line-shell-script themselves. :)
> Also, constantly running a second X server on tty1 wastes memory.
Yeah, about 10-15 MB. If that's too much you can replace `zenity` with console `dialog` and run similar script instead of getty. Unlike Windows there're lots of options. :)
Posted Feb 22, 2013 11:16 UTC (Fri)
by lindi (subscriber, #53135)
[Link] (4 responses)
Section "InputClass"
to xorg.conf it manages to kill the server. However, a malicious user can run
setxkbmap -option ""
to disable this. It doesn't seem like ctrl-alt-backspace for designed for security.
Posted Feb 22, 2013 19:22 UTC (Fri)
by Serge (guest, #84957)
[Link] (3 responses)
That user would probably be you, and this is fine, since you should be able to change your settings. If someone else can run arbitrary commands in your session, Xorg is the least of your problems. :) Those setting will be lost as soon as you log out anyway.
> It doesn't seem like ctrl-alt-backspace for designed for security.
I guess it was not designed for security, but you can still use it for security. :) On the other hand Alt+SysRq+K was actually designed for security.
Posted Feb 22, 2013 19:35 UTC (Fri)
by lindi (subscriber, #53135)
[Link] (2 responses)
Posted Feb 22, 2013 20:11 UTC (Fri)
by Serge (guest, #84957)
[Link] (1 responses)
If somebody logged in, disabled terminate sequence and started login screen emulation, you'll notice, that nothing happens when you press Ctrl-Alt-BS. :) But I agree that "Secure Access Key" (Alt+SysRq+K on Linux) is better for that, and it works both for text and X terminals. It's just some distributions disable Magic SysRq keys, while C-A-BS usually works everywhere during login screen.
Posted Feb 22, 2013 20:26 UTC (Fri)
by lindi (subscriber, #53135)
[Link]
Ctrl+Alt+Backspace and Alt+SysRq+K perform distinctly different operation: they kill everything in this console and start new session. Ctrl+Alt+Backspace switches to separate context where only "guaranteed secure" set of programs work (and can be used for forensic purposes without immediately killing everything or to just securely lock/unlock workstation's screen).
DRI3000
DRI3000
DRI3000
Think about it, what do you actually need this feature for?
Imagine a public machine that different users can log in to.
It does not matter, is it windows, linux, graphical or text terminal.
User just comes, logs in, does the job and logs out, another user comes, etc.
If you're going to log in to a public Windows machine, you first hit Ctrl+Alt+Del, just in case, and then enter login/password. Same when you come to a public Linux machine, whatever you see on a screen, you first hit "Secure Access Key" (if there's something running, it gets killed, getty will respawn), then enter login/password. That's just another (better) solution to the same problem.
1. Press Alt-Ctrl-Del.
2. Pick your session.
3. Enter password and start workding.
1. Try to find some free text login screen on some console.
2. Press Alt+SysRq+K to restart everything.
3. Login and use some tools (which ones?) to see if your session is hijaked or not.
4. Do a logout on text console.
5. Switch to a graphical one where your session is still [hopefully] resides and finally
6. Unlock the screen.You can Ctrl+Alt+F1...F6, SAK, log in as root and "only guaranteed secure set of programs" will work there for you. Windows just don't have such a simple thing. :)
DRI3000
DRI3000
DRI3000
Also, constantly running a second X server on tty1 wastes memory.
Before we can assess the security of your solution I think you need to first implement it. Before we can assess the usability of your solution I think you need at least a few hundred users.
DRI3000
DRI3000
Identifier "Keyboard Defaults"
MatchIsKeyboard "yes"
Option "XkbOptions" "terminate:ctrl_alt_bksp"
EndSection
DRI3000
DRI3000
DRI3000
DRI3000
