linux/Documentation/security/sak.rst
<<
>>
Prefs
   1=========================================
   2Linux Secure Attention Key (SAK) handling
   3=========================================
   4
   5:Date: 18 March 2001
   6:Author: Andrew Morton
   7
   8An operating system's Secure Attention Key is a security tool which is
   9provided as protection against trojan password capturing programs.  It
  10is an undefeatable way of killing all programs which could be
  11masquerading as login applications.  Users need to be taught to enter
  12this key sequence before they log in to the system.
  13
  14From the PC keyboard, Linux has two similar but different ways of
  15providing SAK.  One is the ALT-SYSRQ-K sequence.  You shouldn't use
  16this sequence.  It is only available if the kernel was compiled with
  17sysrq support.
  18
  19The proper way of generating a SAK is to define the key sequence using
  20``loadkeys``.  This will work whether or not sysrq support is compiled
  21into the kernel.
  22
  23SAK works correctly when the keyboard is in raw mode.  This means that
  24once defined, SAK will kill a running X server.  If the system is in
  25run level 5, the X server will restart.  This is what you want to
  26happen.
  27
  28What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot
  29the machine.  CTRL-ALT-BACKSPACE is magical to the X server.  We'll
  30choose CTRL-ALT-PAUSE.
  31
  32In your rc.sysinit (or rc.local) file, add the command::
  33
  34        echo "control alt keycode 101 = SAK" | /bin/loadkeys
  35
  36And that's it!  Only the superuser may reprogram the SAK key.
  37
  38
  39.. note::
  40
  41  1. Linux SAK is said to be not a "true SAK" as is required by
  42     systems which implement C2 level security.  This author does not
  43     know why.
  44
  45
  46  2. On the PC keyboard, SAK kills all applications which have
  47     /dev/console opened.
  48
  49     Unfortunately this includes a number of things which you don't
  50     actually want killed.  This is because these applications are
  51     incorrectly holding /dev/console open.  Be sure to complain to your
  52     Linux distributor about this!
  53
  54     You can identify processes which will be killed by SAK with the
  55     command::
  56
  57        # ls -l /proc/[0-9]*/fd/* | grep console
  58        l-wx------    1 root     root           64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console
  59
  60     Then::
  61
  62        # ps aux|grep 579
  63        root       579  0.0  0.1  1088  436 ?        S    00:43   0:00 gpm -t ps/2
  64
  65     So ``gpm`` will be killed by SAK.  This is a bug in gpm.  It should
  66     be closing standard input.  You can work around this by finding the
  67     initscript which launches gpm and changing it thusly:
  68
  69     Old::
  70
  71        daemon gpm
  72
  73     New::
  74
  75        daemon gpm < /dev/null
  76
  77     Vixie cron also seems to have this problem, and needs the same treatment.
  78
  79     Also, one prominent Linux distribution has the following three
  80     lines in its rc.sysinit and rc scripts::
  81
  82        exec 3<&0
  83        exec 4>&1
  84        exec 5>&2
  85
  86     These commands cause **all** daemons which are launched by the
  87     initscripts to have file descriptors 3, 4 and 5 attached to
  88     /dev/console.  So SAK kills them all.  A workaround is to simply
  89     delete these lines, but this may cause system management
  90     applications to malfunction - test everything well.
  91
  92