Kicksecure ™

Download

Debian morph to Kicksecure (Hardware) Windows (VM) Linux (VM) Mac (VM) VirtualBox (VM) KVM (VM) Qubes (VM) USB ISO (coming soon) More options Source Code

About

Overview Features Why Open Source? Project Activities Contributors Mission & Vision

Docs

Documentation FAQ Troubleshooting

Community

Forums Contribute

Support

Free Plus Premium Contact

Tools Upload file Special pages Recent changes Print Version Page meta What links here Related changes Page information

Page Read Edit History Move Protection Unwatch Watch Delete Purge

User Preferences Watchlist Contributions Logout Create account Login

Donate

It is possible for Malware to masquerade as a login prompt in order to steal login passwords. This page documents this advanced threat model and how to prevent malware from sniffing the root password. Using SysRq + r. (unraw)

Introduction[edit]

This attack supposes an advanced threat model:

1. A system is configured with a limited user (user "user") which utilizes a graphical X Window System session that is different from the user with root/sudo permissions (user "admin").
2. The limited user is compromised at some point by malware.

Or:

1. Multiple non-root users sharing the same computer and using different virtual terminals (VT).
2. A compromised of malicious user could pretend to have logged out from the VT but actually have started a spoofed login screen.

Note: If there is only one user account which also has sudo/su access, malware can sniff the administrative password and it is unnecessary to utilize an advanced login spoofing attack.

Security Benefit of Compartmentalization[edit]

Under many threat models the compromise of the limited user account is considered catastrophic, since running malware:

• has full access to all user-accessible files
• can view all keyboard inputs and take over login sessions
• may present false information on the screen
• can perform other malicious actions, see: The Importance of a Malware Free System

However, if multiple (virtual) machines are used for compartmentalization the harmful impact of malware might not be catastrophic. For instance, other goals of this configuration include prevention of root compromise to help protect the virtualizer and avoid host compromise, and similarly to avoid a hardware compromise. This is further elaborated in the rationale section of the Safely Use Root Commands wiki chapter.

A broken X Window System can block switching to a virtual console. It logically follows that malware which has compromised the X Window System can also perform this action. In this case the SysRq + r combination can take away control from the X Window System. ^[1] This is a safer procedure, otherwise a compromised X Window System could just be simulating a virtual console login prompt in order to sniff an account login password with root access. (login spoofing in Wikipedia).

SysRq + k (Secure Access Key) can be used to defeat login spoofing because it will terminate all programs on that virtual console.

Quote Linux Kernel Documentation:

Sak (Secure Access Key) is useful when you want to be sure there is no trojan program running at console which could grab your password when you would try to login. It will kill all programs on given console, thus letting you make sure that the login prompt you see is actually the one from init, not some trojan program.

Quote Linux Kernel Secure Attention Key Documentation:

An operating system's Secure Attention Key is a security tool which is provided as protection against trojan password capturing programs. It is an undefeatable way of killing all programs which could be masquerading as login applications. Users need to be taught to enter this key sequence before they log in to the system.

Taking steps to defeat login spoofing probably only makes sense when also performing actions to Prevent Malware from Sniffing the Root Password.

Kicksecure Default[edit]

The SysRq Key is disabled in Kicksecure by default. See System Recovery using SysRq Key on how to enable it.

See Also[edit]

• System Recovery using SysRq Key
• Safely Use Root Commands
• Prevent Malware from Sniffing the Root Password
• Strong Linux User Account Isolation

Footnotes[edit]

---

Unfinished: This wiki is a work in progress. Please do not report broken links until this notice is removed, use Search Engines First and contribute improving this wiki.

Kicksecure A secure by default operating system with the latest security research in place.

Dark mode

Follow us on social media

FREE  ·  PLUS  ·  PREMIUM Support

At Kicksecure we value freedom and trust, supporting Open Source and Freedom Software

By using this website, you acknowledge you have read, understood, and agree to be bound by these these agreements: Terms of Service, Privacy Policy, Cookie Policy, E-Sign Consent, DMCA, Imprint 2012-2024 ENCRYPTED SUPPORT LP

Your support makes
all the difference!

We believe security software like Kicksecure needs to remain Open Source and independent. Would you help sustain and grow the project? Learn more about our 12 year success story and maybe DONATE!