disable alt+sysrq.

Christopher Jeffrey 2014-09-18 14:38:54 -07:00
parent 6ecebe7703
commit b74256d2b9
2 changed files with 31 additions and 0 deletions

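--- a/README
+++ b/README
@@ -31,6 +31,15 @@ Changes by chjj
 wrong password or pressed ALT/CTRL/F1-13/SYSRQ. See twilio_example.h to create a
 twilio.h file. You will need a twilio account to set this up.
+- Disabling alt+sysrq before shutting down: This prevents an attacker from
+alt+sysrq+k'ing the screenlock quickly before the shutdown.
+- This requires a sudoers option to be set in /etc/sudoers:
+- [username] [hostname] =NOPASSWD: /usr/bin/tee /proc/sys/kernel/sysrq
+You must change [username] and [hostname] to your username and the hostname
+of the machine.
 Requirements
 ------------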

22
slock.c
View File

@ -148,6 +148,18 @@ error:
return NULL; return NULL;
} }
// Disable alt+sysrq - keeps the attacker from alt+sysrq+k'ing our process
static void
disable_sysrq(void) {
#if POWEROFF
// Needs sudo privileges - alter your /etc/sudoers file:
// [username] [hostname] =NOPASSWD: /usr/bin/tee /proc/sys/kernel/sysrq
system("echo 0 | sudo tee /proc/sys/kernel/sysrq > /dev/null");
#else
return;
#endif
}
// Poweroff if we're in danger. // Poweroff if we're in danger.
static void static void
poweroff(void) { poweroff(void) {
@ -160,6 +172,10 @@ poweroff(void) {
execvp(args[0], args); execvp(args[0], args);
execvp(args_legacy[0], args_legacy); execvp(args_legacy[0], args_legacy);
fprintf(stderr, "Error: cannot shutdown. Check your /etc/sudoers file.\n"); fprintf(stderr, "Error: cannot shutdown. Check your /etc/sudoers file.\n");
// Needs sudo privileges - alter your /etc/sudoers file:
// [username] [hostname] =NOPASSWD: /usr/bin/tee /proc/sys/kernel/sysrq,/usr/bin/tee /proc/sysrq-trigger
// system("echo 1 | sudo tee /proc/sys/kernel/sysrq > /dev/null");
// system("echo o | sudo tee /proc/sysrq-trigger > /dev/null");
#else #else
return; return;
#endif #endif
@ -420,6 +436,9 @@ readpw(Display *dpy, const char *pws)
// Poweroff if there are more than 5 bad attempts. // Poweroff if there are more than 5 bad attempts.
if(lock_tries > 5) { if(lock_tries > 5) {
// Disable alt+sysrq
disable_sysrq();
// Take a webcam shot of whoever is tampering with our machine: // Take a webcam shot of whoever is tampering with our machine:
webcam_shot(0); webcam_shot(0);
@ -482,6 +501,9 @@ readpw(Display *dpy, const char *pws)
case XK_F11: case XK_F11:
case XK_F12: case XK_F12:
case XK_F13: case XK_F13:
// Disable alt+sysrq
disable_sysrq();
// Take a webcam shot of whoever is tampering with our machine: // Take a webcam shot of whoever is tampering with our machine:
webcam_shot(0); webcam_shot(0);
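Review bot: The `system()` call in `disable_sysrq()` discards its exit status, so if the sudoers rule is missing or sudo wants a password, sysrq stays enabled and nothing is reported, whereas `poweroff()` at least prints an error when it fails. The command also goes through a shell that resolves `echo`, `sudo` and `tee` from `PATH`, although the documented sudoers rule only covers `/usr/bin/tee`. I would make sudo non-interactive, name the binary the rule names, and check the result: `if (system("echo 0 | sudo -n /usr/bin/tee /proc/sys/kernel/sysrq > /dev/null") != 0) fprintf(stderr, "Error: cannot disable sysrq. Check your /etc/sudoers file.\n");`. Both call sites in `readpw()` run only after tampering has already been detected, so the write appears to race with the key combination it is meant to block; writing 0 when the lock is first taken would likely close that window, but `readpw()` starts and ends outside these hunks, so that placement needs checking against the full function.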