Rudolf Polzer <[EMAIL PROTECTED]> writes: > That does not help against the loadkeys issue if the attacking user is still > logged in on another virtual console. Even when tty1 is active, a user owning > tty6 can use loadkeys.
Sure. The problem is that mappings are shared between VCs but anyway it's solved by disabling user changes. I don't think there is a solution here, easier than hardware reset. As for "server" machines (not simple terminals), physical locking is critical. > Well, sometimes you have problems that powercycling would "hide" so you can't > track them down if you powercycle the whole computer every time. In security-sensitive instalation, you simply don't expose the computers to non-admins. > For using foreign languages and keyboard mappings. Hope they don't change the keys in the process. Anyway, most people don't need that nor they need suid-wrapper. BTW: there are similar problems with serial access: users can play with termio(s) settings (especially CLOCAL flag) and fake login/password requests. Unless the getty programs are fixed, you don't want to connect dial-in modems to a machine with user accounts. Not a kernel thing, though - Linux has termios locking for 10+ yrs. -- Krzysztof Halasa -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
