| Summary: | TDM UseSAK default should be false | | |
|---|---|---|---|
| Product: | TDE | Reporter: | Darrell <darrella> |
| Component: | tdebase | Assignee: | Timothy Pearson <kb9vqf> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | bugwatch, darrella, kb9vqf, michele.calgaro, slavek.banko |
| Priority: | P5 | | |
| Version: | R14.0.0 [Trinity] | | |
| Hardware: | Other | | |
| OS: | Linux | | |
| Compiler Version: | | TDE Version String: | |
| Application Version: | | Application Name: | |
| Attachments: | Patch to change UseSAK default to false; Updated patch to change UseSAK default to false | | |
Description
Darrell
2014-02-07 13:19:13 CST
> Although SAK is an important security feature,

Frankly speaking, I have always struggled to understand what is the "security feature" provided by SAK. You press Ctrl+Alt+Del and you get to the same login screen you would have without SAK.
Perhaps I am missing something, but to me it is more an annoyance than a security feature (that's why I don't use it :) )

Simply this: on an SAK-enabled system, *only* TDM or another application running as root can know that Ctrl+Alt+Del has been pressed. This prevents exploits based on an old attack vector known as login spoofing from being used; as mentioned earlier by others, this feature is only useful on machines that have more than one graphics-enabled user account such as are typically found in an enterprise environment.

> this feature is only useful on machines that have more than one graphics-enabled user account such as are typically found in an enterprise environment.

Which is why I filed the bug report to change the default to false. Admins in the enterprise know to look for this kind of feature. Stand-alone users do not know and are confused by the Ctrl+Alt+Del request, not to mention that the i18n translations of the feature have not been implemented.

(In reply to comment #2) Thanks for the explanation Tim :)

(In reply to comment #3) I think Darrell's point of view is good. Stand-alone users don't really bother too much about having SAK and sysadmins know enough to enable SAK. I also think making the default "false" is a good idea. Plus we can add a comment in the R14 release notes saying that the default behavior for SAK has been changed to "false" and that to enable it again it is necessary to edit /etc/trinity/tdm/tdmrc.

> necessary to edit /etc/trinity/tdm/tdmrc

There is a check box in the kcontrol login manager module, Appearance tab.

The attached patch is insufficient. My default tdmrc still has UseSAK=true.

Created attachment 1925 [details]
Updated patch to change UseSAK default to false

This patch works.

I tested the patch in a clean new installed TDE system. At the first start, TDM did not display the SAK window, rather the standard login window. Patch worked fine :) IMO it could be pushed to GIT, but I would suggest we check with Tim/Slavek whether they also agree about making the default behavior "false" for SAK.

SAK has a couple of side inconveniences. They are the result of tdmsak not being aware of the sessions (text/graphics) and of the relationship keyboard => session.
+ on a text console, Ctrl+Alt+Del cannot be used to restart the system
+ for multi-seat machines, pressing Ctrl+Alt+Del is sent to all sessions
+ in krdc, Ctrl+Alt+Del cannot be sent to the remote machine
As for me, SAK does not give me a feeling of greater security (the same as for Michele). And also this is the first thing I turn off in tdmrc. Therefore I have no objections to setting 'false' as the default.

Darrell, the patch works on your and my systems and Slavek also agrees on making the default false. IMO, go ahead, push to git and close this bug.

Patch pushed to git in commit a7e7483a.
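The thread says the setting lives in /etc/trinity/tdm/tdmrc and that an absent key falls back to the compiled-in default this patch changes; as an added example (not from the bug report or the TDE code), a POSIX sh function that reports the effective UseSAK value in a tdmrc-style file, where the last uncommented `UseSAK=` line wins and a caller-supplied default (assumed: `true`, the pre-patch value) covers the absent-key case. The sample files are constructed here.

```shell
#!/bin/sh
# Added example, not code from the bug report or from TDE.
# tdm_usesak FILE [DEFAULT]
#   Prints the effective UseSAK value (lower-cased) from a tdmrc-style file.
#   Comment lines (# or ;) are ignored, the last uncommented "UseSAK=" line
#   wins, and DEFAULT (assumed: true, the pre-patch built-in) is printed when
#   the key is absent, which is exactly the case this bug's patch changes.
tdm_usesak() {
    file=$1
    default=${2:-true}
    val=$(awk -F= '
        /^[[:space:]]*[#;]/ { next }                 # skip comment lines
        /^[[:space:]]*UseSAK[[:space:]]*=/ {
            v = $2
            sub(/^[[:space:]]+/, "", v)              # trim around the value
            sub(/[[:space:]]+$/, "", v)
            last = tolower(v)                        # later lines override
        }
        END { print last }' "$file")
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
    else
        printf '%s\n' "$default"
    fi
}

# Constructed sample files (not real TDE configuration) to exercise the check.
SAK_ON=$(mktemp); SAK_OFF=$(mktemp); SAK_UNSET=$(mktemp)
trap 'rm -f "$SAK_ON" "$SAK_OFF" "$SAK_UNSET"' EXIT
printf '# greeter settings\nUseSAK=true\n' > "$SAK_ON"
printf '# UseSAK=true\nUseSAK = False\n' > "$SAK_OFF"   # comment ignored, later line wins
printf '# key absent: built-in default applies\n' > "$SAK_UNSET"

echo "on:    $(tdm_usesak "$SAK_ON")"                          # true
echo "off:   $(tdm_usesak "$SAK_OFF")"                         # false
echo "unset: $(tdm_usesak "$SAK_UNSET")"                       # true (old default)
echo "unset, patched default: $(tdm_usesak "$SAK_UNSET" false)" # false
```

Running it against a real /etc/trinity/tdm/tdmrc with the patched default (`false`) tells an admin whether SAK is actually on after the upgrade.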