Email or username:

Password:

Forgot your password?
Lennart's posts Post Back to profile
Top-level
Lennart Poettering

Hence, to securely log in, you'd always hit the SAK key combination first (on Windows, that's Ctrl-Alt-Del), and once the real login screen pops up, you are ready to go.

The Linux kernel has been supporting a SAK concept for a long time too. (see: kernel.org/doc/html/v5.6/secur – it's also available via magic sysrq K). However, the way it is implemented is a bit too drastic: it simply kills *anything* with an open fd to the console.

7 November at 11:10 | Open on mastodon.social
8 comments
Lennart Poettering

It's in fact so drastic that it even kills PID 1 if it is currently in the process in writing its pretty status update messages to the console, instantly killing your system. (Because of this, PID 1 will only briefly open the console when doing an update, but it's still racy)

Moreover the kernel SAK concept is relatively easy to circumvent: if a user has access to the console, and their processes that have the console open are killed then nothing stops them to immediately reopen the console…

7 November at 11:16 | Open on mastodon.social
Lennart Poettering

… and continue with their nefarious deeds.

With systemd v257 we added support for an alternative SAK implementation that should not suffer by these limitations: logind will now watch input devices for the Ctrl+Alt+Shift+Esc key combination, continously, regardless which session is in the foreground. Once it sees the combination being hit, it fires off a D-Bus signal.

The idea is then that the display manager sees this signal, and switches back to the the login screen in a reliable manner.

7 November at 11:20 | Open on mastodon.social
Lennart Poettering

This should be a much friendlier SAK implementation: the original session is not terminated, but just switched away, taking away control of the keyboard, mouse and screen, without chance for the unprivileged code to interfere.

Note that before this actually becomes useful the display managers of the various desktop environments need to be updated to watch for the SAK signal. But the groundwork is laid now.

And that's it for today.

7 November at 11:23 | Open on mastodon.social
Anselm Schüler

@pid_eins Can I define a custom key combination? How are alternate keyboard layouts handled (e.g. Mac)?

7 November at 11:44 | Open on ieji.de
marius

@pid_eins is DBus robust enough for this kind of security mechanism? I would have thought that systemd can do something more drastic like freezing all sessions and switching to a "login" target :D (speaking as someone very far out the sidelines)

7 November at 12:31 | Open on metalhead.club
Lennart Poettering

@mariusor well, if dbus is hosed, systemd is pretty much hosed, too. SAK is probably the least of you problems then.

7 November at 13:57 | Open on mastodon.social
marius

@pid_eins I understand, I think I was asking more in the idea of this SAK message having to be secured some way against being intercepted by malicious listeners. I guess I don't really know enough about the situation to actually form a pertinent question, sorry. :)

7 November at 14:02 | Open on metalhead.club
Oleksandr Natalenko

@pid_eins I ran out of fingers for this combination ;).

7 November at 11:31 | Open on activitypub.natalenko.name
Go Up