https://web.archive.org/web/20081011084822/http://kernel.org/doc/Documentation/sysrq.txt
1 Like
Quote Screen Locker (In)Security - Can we disable these at least 4 backdoors?
What does 176 value for /proc/sys/kernel/sysrq mean? Anyone can find documentation for that?
1 Like
Why use wayback?
The docs are still available. Theyâre just in the admin-guide directory.
https://www.kernel.org/doc/Documentation/admin-guide/sysrq.rst
It allows only rebooting, syncing and remounting all drives read-only with the sysrq key. Sysrq uses a bitmask to control which features to allow.
According to the kernel docs, 16 is sync, 32 is remount read-only and 128 is reboot/poweroff. 16 + 32 + 128 = 176
1 Like
Against link rot and couldnât find the current version.
2 Likes
4 posts were split to a new topic: Send SysRq commands to VirtualBox usability helper - virtualbox-send-sysrq
Now that untrusted root is in our threat model, we might want to look at disabling SysRq again as abusing it can be done remotely by root (/proc/sysrq-trigger or /dev/uinput).
CLIPOS also recommends to disable this.
1 Like
Would it make sense to add this to apparmor-profile-everything? Since only apparmor-profile-everything implements untrusted root? security-misc alone doesnât implement untrusted root?
Canât find. Any reference?
1 Like
apparmor-profile-everything doesnât really have anything to do with sysrq or other kernel hardening.
I donât think we should make this related to apparmor.
It does a bit.
It disables kexec.
https://github.com/Whonix/security-misc/blob/master/etc/sysctl.d/kexec.conf
Hides kernel symbols from root.
https://github.com/Whonix/security-misc/blob/master/etc/sysctl.d/kptr_restrict.conf
Prevents root processes from creating coredumps.
https://github.com/Whonix/security-misc/blob/master/etc/sysctl.d/suid_dumpable.conf
Hardens the BPF JIT compiler for root (thatâs what bpf_jit_harden=2 does).
https://github.com/Whonix/security-misc/blob/master/etc/sysctl.d/harden_bpf.conf
2 Likes
Without apparmor-profile-everything, a malicious root can just easyly enable sysrq as per instructions. There for users who only use security-misc donât benefit from this. Only hinders debugging for these. Therefore I think this fits better into apparmor-profile-everything. Only with apparmor-profile-everything we can have a complete untrusted root implementation.
2 Likes
Not necessarily. An attacker running as root without read-write access to /proc/sys/kernel/sysrq (as is the case for many systemd services due to ProtectKernelTunables for example) can still be limited by this.
1 Like
madaidan via Whonix Forum:
Not necessarily. An attacker running as root without read-write access to /proc/sys/kernel/sysrq (as is the case for many systemd services due to
ProtectKernelTunablesfor example) can still be limited by this.
In that situation could a compromised process simulate pressing sysrq key?
1 Like
Yes, should be possible via /dev/uinput.
2 Likes
Alright. Then unfortunately sysrq restriction is required.
2 Likes
Should CONFIG_MAGIC_SYSRQ be disabled in hardened-kernel to get rid of it entirely or should we just whitelist a few functions like SAK?
1 Like
Need SAK for Safely Use Root Commands
Anything else that makes sense?
1 Like
The o command can be used to quickly shutdown if in an emergency but this makes it easier for DoS and is much better done on the host.
The f command can be used to kill a process taking up too much memory which might be useful to save the system from crashing.
Not sure how fine granular we can whitelist whatever we want?
madaidan via Whonix Forum:
The
ocommand can be used to quickly shutdown if in an emergency but this makes it easier for DoS and is much better done on the host.
Yes but if we set it in security-misc it applies to host and VM.
The
fcommand can be used to kill a process taking up too much memory which might be useful to save the system from crashing.
Could this be abused too to kill important processes?
1 Like
In my experience this command does fuck all. I end up using a hotkey combo and click the frozen app window to shut it off.
The only useful one is the the emergency shutdown.
1 Like
See Linux Magic System Request Key Hacks â The Linux Kernel documentation
We can set the bitmask of allowed functions. If we just want the shutdown function, we can set the sysctl to 128.
If we want to set the default in the kernel config, we change CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE to be the bitmask in hexadecimal form.
Yes.
madaidan via Whonix Forum:
See Linux Magic System Request Key Hacks â The Linux Kernel documentation
I see. However, it doesnât look very flexible. We canât pick and choose
any arbitrary combination of commands?
We can set the bitmask of allowed functions. If we just want the shutdown function, we can set the sysctl to 128.
Could you please white list SAK and shutdown?
If we want to set the default in the kernel config, we change CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE to be the bitmask in hexadecimal form.
Better a security-misc sysctl.
2 Likes