Comment by IshKebab
1 day ago
Yeah and Linux is waaay behind in other areas. Windows has had a secure attention sequence (ctrl-alt-del to login) for several decades now. Linux still doesn't.
Linux (well, more accurately, X11), has had a SAK for ages now, in the form of the CTRL+ALT+BACKSPACE that immediately kills X11, booting you back to the login screen.
I personally doubt SAK/SAS is a good security measure anyways. If you've got untrusted programs running on your machine, you're probably already pwn'd.
That's not a SAK, you can disable it with setxkbmap. A SAK is on purpose impossible to disable, and it exists on Linux: Alt+SysRq+K.
Unfortunately it doesn't take any display server into consideration, both X11 and Wayland will just get killed.
There are many ways to disable CTRL+ALT+DEL on Windows too, from registry tricks to group policy options. Overall, SAK seems to be a relic of the past that should be kept far away from any security consideration.
The "threat model" (if anyone even called it that) of applications back then was bugs resulting in unintended spin-locks, and the user not realizing they're critically short on RAM or disk space.
This setup came from the era of Windows running basically everything as administrator or something close to it.
The whole Windows ecosystem had us trained to right click on any Windows 9X/XP program that wasn’t working right and “run as administrator” to get it to work in Vista/7.
Please check the related Wikipedia article. Updated to reflect recent secure attention key in the Linux world: https://en.wikipedia.org/wiki/Secure_attention_key
Well, there is: https://en.wikipedia.org/wiki/Magic_SysRq_key
That's not the same thing at all.
No, it's not. It has various functionality, as shown by the built-in help:
> Example output of the SysRq+h command:
> sysrq: HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(v) show-blocked-tasks(w) dump-ftrace-buffer(z) dump-sched-ext(D) replay-kernel-logs(R) reset-sched-ext(S)
But note "sak (k)".
Like the GP says in sibling, Alt+SysRq+K is SAK on Linux. But it doesn't work with graphical environments.
Is that something Linux needs? I don’t really understand the benefit of it.
The more powerful form is the UAC full privilege escalation dance that Win 7+(?) does, which is a surprisingly elegant UX solution.
It avoids any chance of a user-space program faking or interacting with a UAC window.
Clever way of dealing with the train wreck of legacy Windows user/program permissioning.
One of the things Windows did right, IMO. I hate that elevation prompts on macOS and most Linux desktops are indistinguishable from any other window.
It's not just visual either. The secure desktop is in protected memory, and no other process can access it. Only NTAUTHORITY\System can initiate showing it and interact with it in any way; no other process can.
You can also configure it to require you to press CTRL+ALT+DEL on the UAC prompt to be able to interact with it and enter credentials as another safeguard against spoofing.
I'm not even sure if Wayland supports doing something like that.
My only experience with non-UAC endpoint privilege management was BeyondTrust and it seemed to try to do what UAC did but with a worse user experience. It looks like the Intune EPM offering also doesn't present as clear a delineation as UAC, which seems like a missed opportunity.
> Display the snapshot in the background, greyed out,
Is there an offset? I could have sworn things always seemed offset to the side a little.
It made a lot more sense in the bygone years of users casually downloading and running exe's to get more AIM "smilies", or putting in a floppy disk or CD and having the system autoexec whatever malware the last user of that disk had. It was the expected norm for everybody's computer to be an absolute mess.
These days, things have gotten far more reasonable, and I think we can generally expect a Linux desktop user to only run software from trusted sources. In this context, such a feature makes much less sense.
It's useful for shared spaces like schools, universities and internet cafes. The point is that without it you can display a fake login screen and gather people's passwords.
I actually wrote a fake version of RMNet login when I was in school (before Windows added ctrl-alt-del to login).
https://www.rmusergroup.net/rm-networks/
I got the teacher's password and then got scared and deleted all trace of it.