disable alt+sysrq.

This commit is contained in:
Christopher Jeffrey 2014-09-18 14:38:54 -07:00
parent 6ecebe7703
commit b74256d2b9
2 changed files with 31 additions and 0 deletions

9
README
View File

@ -31,6 +31,15 @@ Changes by chjj
wrong password or pressed ALT/CTRL/F1-13/SYSRQ. See twilio_example.h to create a
twilio.h file. You will need a twilio account to set this up.
- Disabling alt+sysrq before shutting down: This prevents an attacker from
alt+sysrq+k'ing the screenlock quickly before the shutdown.
- This requires a sudoers option to be set in /etc/sudoers:
- [username] [hostname] =NOPASSWD: /usr/bin/tee /proc/sys/kernel/sysrq
You must change [username] and [hostname] to your username and the hostname
of the machine.
Requirements
------------

22
slock.c
View File

@ -148,6 +148,18 @@ error:
return NULL;
}
// Disable alt+sysrq - keeps the attacker from alt+sysrq+k'ing our process
static void
disable_sysrq(void) {
#if POWEROFF
// Needs sudo privileges - alter your /etc/sudoers file:
// [username] [hostname] =NOPASSWD: /usr/bin/tee /proc/sys/kernel/sysrq
system("echo 0 | sudo tee /proc/sys/kernel/sysrq > /dev/null");
#else
return;
#endif
}
// Poweroff if we're in danger.
static void
poweroff(void) {
@ -160,6 +172,10 @@ poweroff(void) {
execvp(args[0], args);
execvp(args_legacy[0], args_legacy);
fprintf(stderr, "Error: cannot shutdown. Check your /etc/sudoers file.\n");
// Needs sudo privileges - alter your /etc/sudoers file:
// [username] [hostname] =NOPASSWD: /usr/bin/tee /proc/sys/kernel/sysrq,/usr/bin/tee /proc/sysrq-trigger
// system("echo 1 | sudo tee /proc/sys/kernel/sysrq > /dev/null");
// system("echo o | sudo tee /proc/sysrq-trigger > /dev/null");
#else
return;
#endif
@ -420,6 +436,9 @@ readpw(Display *dpy, const char *pws)
// Poweroff if there are more than 5 bad attempts.
if(lock_tries > 5) {
// Disable alt+sysrq
disable_sysrq();
// Take a webcam shot of whoever is tampering with our machine:
webcam_shot(0);
@ -482,6 +501,9 @@ readpw(Display *dpy, const char *pws)
case XK_F11:
case XK_F12:
case XK_F13:
// Disable alt+sysrq
disable_sysrq();
// Take a webcam shot of whoever is tampering with our machine:
webcam_shot(0);