Re: [Secure-testing-team] Re: kernel allows loadkeys to be used by any user, allowing for local root compromise

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: unlisted-recipients:; (no To-header on input)

Subject: Re: [Secure-testing-team] Re: kernel allows loadkeys to be used by any user, allowing for local root compromise

From: Anthony DeRobertis <[email protected]>

Date: Wed, 19 Oct 2005 00:14:10 -0400

Cc: Horms <[email protected]>, [email protected], [email protected], [email protected], [email protected], Rudolf Polzer <[email protected]>, Alastair McKinstry <[email protected]>, [email protected]

Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAKlBMVEVTAABbAQBsAACAAQCV AAC3DwTXPhTrZiLyjiroi133tCn53UX51n/45bb7J7XrAAACZ0lEQVQ4y2WTz07bQBDGlz5BHF6g cfoAxeu+QHYd7rDjwD1eK1eq7AbUU6XGVpRroTxBKE8ABs6oKr2itiHv0pldh/zpSJai/WVm55v5 lgVBsLufFaoT4q8GWwWBGC4VJxBsgjaXqeJRa5MEQRNBLxMupe2KvWk4ELZ5fPxVcB6GYbyHtBm/ J9AkkGaSf0CWRFjx3YErFRKADJIjUBIURFx2CIQEZKL1eGQ/ApyNVSJFwwOOIAWAdKBktxiKVuhB G0E6VhJD8Fjxjm+XzmN59EVy7vrCzwNOhaA3RBA58cux4LlMTy9QoD9/1c7j7rBXDkHU540VSExu QGLtjQRGlQzgDMPWRgIB0EouwWq6MYozr2BtU1ImOQH+P0hHmZJ1t+sggTwDSSmbq/UAAJexBQAG j9ZolfRbGwD/PHjWJv1TiG2QWioFMtoCvcEzXS5dv2tdAXaLy66FrAPtgKgVrkCqrQZSvi59J3jL dD690CtAaAc995mZT+faA29eH7sH7LY0mS/l/e4ijE/YQ2XAXR6LcJkSSjhhi9+GLsdQ9dbR/kPY Y4vK6IwA9GufoLe6hxGbz06xX4y8L8hwzsv7irP59VPhARxyT9BRINni/psborOKcym9CgD287sl kJdjDzhZGbthTzOrNaR5mXkxnGxzLjirClyf1tbUKrmE41kmIlaVEwKX2ACNmOrkGl89q+6vsFY+ fTSZA2RMcjh7+DWzNh8V2IIbDN4wJiezxd2VtbZE+X4w+E4zhVLZ4i+CSWFIpAPQc/2xeXVd2MmN XQLnvwRH8jK/u5m+FD9w+K4WzuCs0Ab+Ad5UBbueJrnMAAAAAElFTkSuQmCC

In-reply-to: <[email protected]>

References: <[email protected]> <[email protected]> <[email protected]>

Sender: [email protected]

User-agent: Debian Thunderbird 1.0.2 (X11/20050611)

Krzysztof Halasa wrote:

> Why doesn't the intruder just simulate login process (printing "login: "
> and "Password:")? That's known and used for ages.

Well, you can configure a single vty to only allow logins from admins.
Then you avoid the fake login problem, but not the loadkeys problem
(since that affects all vtys)
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Follow-Ups:
- Re: [Secure-testing-team] Re: kernel allows loadkeys to be used by any user, allowing for local root compromise
  - From: Krzysztof Halasa <[email protected]>

References:
- kernel allows loadkeys to be used by any user, allowing for local root compromise
  - From: Horms <[email protected]>
- Re: kernel allows loadkeys to be used by any user, allowing for local root compromise
  - From: Krzysztof Halasa <[email protected]>

Prev by Date: Re: [PATCH]: Handling spurious page fault for hugetlb region for 2.6.14-rc4-git5
Next by Date: Re: large files unnecessary trashing filesystem cache?
Previous by thread: Re: kernel allows loadkeys to be used by any user, allowing for local root compromise
Next by thread: Re: [Secure-testing-team] Re: kernel allows loadkeys to be used by any user, allowing for local root compromise
Index(es):
- Date
- Thread

[Index of Archives] [Kernel Newbies] [Netfilter] [Bugtraq] [Photo] [Stuff] [Gimp] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Video 4 Linux] [Linux for the blind] [Linux Resources]