Details about the "Trusted Path" security mechanism in Windows and Linux (1)

In computer systems, users generally do not directly deal with the kernel. There is also a layer of application layer as an interface between users and the kernel, however, this design can protect the kernel from being freely modified and tested by users, but it also brings security problems. Because the application layer is not completely trusted, in the operating system security function, the trusted path function is often provided [This is also the B2-level security requirement of the orpi book].

What is the concept of a trusted path [trusted path? As the name suggests, it is the implementation of such a function: to avoid the application layer, open a direct and trusted interaction channel between the user and the kernel. Is it really necessary that you have to use a trusted path to interact with the kernel during high-risk operations? Sorry to tell you: Yes indeed! Experienced System Administrators generally know how serious threats come from the network. Black Hats can use the Trojan horse [Trojan horse] to record your actions during login and other sensitive operations, and steal your valuable passwords.

You must be very impressed with the "ctrl + alt + del" Three-Key sequence. In the DOS era, we used it to quickly restart the machine and call it "Hot Boot". In the WINDOWS 9X era, we use it to view the process, but you may not have noticed that after the transition from Windows 9x to WINNT, our PC also runs the WIN2000/XP of the NT kernel, in fact, the function of the "ctrl + alt + del" three keys has changed slightly. In its official documents, Microsoft, press ctrl + alt + del to SAS [Secure Attention Sequence] and list it as a component of the security function-trusted path. in linux, similar Key sequence is also available.

Safety Note Key in Linux environment-SAK [Secure Attention Key]. This SAK is a group of keys. On our common X86 platform, it is "alt + sysrq + k ", in the case of table store (or table store), the SAK is "alt + STOP + k". The SAK is disabled by default. You need to use the echo "1">/proc/sys/kernel/sysrq command to activate it, of course, you can also write it into the login script, so you don't have to worry about it every time. If you are interested in SAK implementation, refer to linux/drivers/char/sysrq. c and linux/drivers/char/tty_io.c: do_SAK

The SAK sequence key is actually a group called "magic sysrq key", and "magic sysrq key" has some special keys, just like SAK, they all use "alt + sysrq +... "format, where... some special letters, such as "I", can be exchanged in the MAGIC SYSRQ KEY DOCUMENTATION v1.32 manual, the behavior represented by "alt + sysrq + I" is "Send a SIGKILL to all processes, wait t for init. "It means to send a kill signal to all processes except init. Now let's take a look at the Explanation of" alt + SYSRQ + k "in the MAGIC sysrq key documentation v1.32 manual:

"Sa 'K' (Secure Access Key) is usefull when you want to be

Sure there are no trojan program is running at console and

Which cocould grab your password when you wocould try to login.

It will kill all programs on given console and thus

Letting you make sure that the login prompt you see is

Actually the one from init, not some trojan program ."

This is exactly a functional portrayal of SAK: SAK is sure that the Trojan horse that you are not trying to steal the password during login runs on the current console, it can kill all applications on the current console, this ensures that the login screen you see comes from init, not a Trojan program. When you press this set of keys, that is, the specific event is triggered, the system enters the core State according to the design process. Then you can directly communicate with the kernel, that is, why is it true that your "supposed" is like a fake package for real login prompts? We will analyze the following:->