Re: virtual consoles

[Leonid Isaev <leonid.isaev () ifax com>]

On Mon, Dec 02, 2019 at 08:56:38AM -0800, Tavis Ormandy wrote:
> $ dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1/seat/seat0 
> org.freedesktop.login1.Seat.SwitchTo uint32:2
>
> (note: object paths may vary by distro, change the 2 to a different
> number if you're already on VT2, or seat0 if you're on a different seat)
>
> The obvious attack is to switch to a fake screensaver, then switch back
> after authentication, or make a fake gdm login.
>
> I'm sure this has been documented a million times, and most of us will
> be familiar with the "Secure Attention Key" idea, but this is slightly
> different from that attack as it's possible for an entirely remote user
> (active, physically local users usually have additional privileges, as
> it's assumed they can tamper with hardware anyway, etc).
>
> Should this have some policykit action requirement, or require physical
> presence? I don't know the answer.

Pls no policykit... This "attack" works only because there is systemd, so that
is where such calls should be blocked, IMHO.

It turns out, that if as an unprivileged user I do "pkill -9 systemd" (this
line is infact in my .bash_profile) to eliminate all systemd --user processes,
this still works, i.e. I am able to send messages to the system bus.

Thanks,
L.