| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Mar 2015 13:29:55 +0100 From: David Herrmann <dh.herrmann@...il.com> To: simone.weiss@....de Cc: Greg KH <gregkh@...uxfoundation.org>, helene.gsaenger@...dium.fau.de, Jiri Slaby <jslaby@...e.cz>, Daniel Vetter <daniel.vetter@...ll.ch>, Peter Hurley <peter@...leysoftware.com>, Takashi Iwai <tiwai@...e.de>, mark.d.rustad@...el.com, Joe Perches <joe@...ches.com>, linux-kernel <linux-kernel@...r.kernel.org>, linux-kernel@...cs.fau.de Subject: Re: questions to planned lock-functionality for vts Hi On Mon, Mar 23, 2015 at 11:29 AM, <simone.weiss@....de> wrote: > >> Wait, what's wrong with the existing functionality? > > Userspace programms for screensavers can potentially be bypassed > - if my scrennsaver dies, for example by segfault, my screen is unlocked > - Redirection is only possible in Kernel, because a vt switch can only > be prevented there > Also it would make the implementation of a Secure-Acess-Key possible > (could also redirect to VT12) By moving these calls into the kernel, you don't make them necessarily fail-safe. This can all be implemented in user-space. By switching to a dedicated VT (say, VT12) and running VT_SETMODE+VT_PROCESS, you lock the machine. You can now implement your screensaver. If you run a spawner-process, you're even safe if your screensaver crashes. Thanks David -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists