Chinese translated version of Documentation/filesystems/ecryptfs.txt
If you have any comment or update to the content, please contact the
original document maintainer directly. However, if you have a problem
communicating in English you can also ask the Chinese maintainer for
help. Contact the Chinese maintainer if this translation is outdated
or if there is a problem with the translation.
Chinese maintainer: 谢尚敬 <1479201451@qq.com>
---------------------------------------------------------------------
Documentation/SAK.txt的中文翻译
如果想评论或更新本文的内容,请直接联系原文档的维护者。如果你使用英文
交流有困难的话,也可以向中文版维护者求助。如果本翻译更新不及时或者翻
译存在问题,请联系中文版维护者。
中文版维护者: 谢尚敬 <1479201451@qq.com>
中文版翻译者: 谢尚敬 <1479201451@qq.com>
中文版校译者: 谢尚敬 <1479201451@qq.com>
以下为正文
---------------------------------------------------------------------
Linux 2.4.2 Secure Attention Key (SAK) handling 18 March 2001, Andrew Morton
Linux 2.4.2 关键的安全焦点(SAK)
安德鲁 · 莫顿,处理于2001 年 3 月 18 日
An operating system's Secure Attention Key is a security tool which is provided as protection against trojan password capturing programs. It is an undefeatable way of killing all programs which could be masquerading as login applications. Users need to be taught to enter this key sequence before they log in to the system.
操作系统安全焦点的关键是,提供了用来防御盗取密码的木马程序的安全保护工具。它是一种可以有效杀死所有伪装成登录应用程序的方式。在用户登录到系统之前,他们需要按照指导,顺序输入相关键。
From the PC keyboard, Linux has two similar but different ways of providing SAK. One is the ALT-SYSRQ-K sequence. You shouldn't use this sequence. It is only available if the kernel was compiled with sysrq support.
在PC的键盘上,Linux 用了两个相似但又有所不同的方式来提供 SAK。其中一个是 ALT-SYSRQ-K 序列。你不应该使用此序列。那只有在sysrq 支持内核编译时才可用。
The proper way of generating a SAK is to define the key sequence using `loadkeys'. This will work whether or not sysrq support is compiled into the kernel.
生成 SAK 正确的方法是,定义使用 'loadkeys' 按键的顺序。这将取决于sysrq 是否支持编译内核。
SAK works correctly when the keyboard is in raw mode. This means that once defined, SAK will kill a running X server. If the system is in run level 5, the X server will restart. This is what you want to happen.
SAK 在 键盘是raw 模式时,是工作正常的。这就意味着一旦定义,SAK 将会杀死正在运行的X 服务器。如果系统运行的级别为5,那么X 服务器将重新启动。这是你希望发生的。
What key sequence should you use? Well, CTRL-ALT-DEL is used to reboot the machine. CTRL-ALT-BACKSPACE is magical to the X server. We'll choose CTRL-ALT-PAUSE.
您应该使用哪些键序列?嗯,CTRL ALT DEL 组合可以用来重新启动机器。CTRL-ALT- BACKSPACE组合对于 X 服务器来说很奇妙。我们将会选择 CTRL-ALT- PAUSE组合。
In your rc.sysinit (or rc.local) file, add the command
在 rc.sysinit (或在rc.local) 文件中,添加命令
echo "control alt keycode 101 = SAK" | /bin/loadkeys
And that's it! Only the superuser may reprogram the SAK key.
这是它!只有超级用户才可以重新编程SAK 键。
NOTES
备注:
=====
1: Linux SAK is said to be not a "true SAK" as is required by systems which implement C2 level security. This author does not know why.
1:Linux SAK 据说不是作为实施 C2 级安全系统所需的"真实的SAK"。这位作者不知道其中的原因。
2: On the PC keyboard, SAK kills all applications which have /dev/console opened.
2: SAK 会杀死,在电脑键盘上,所有已打开的 /dev/console 应用。
Unfortunately this includes a number of things which you don't actually want killed. This is because these applications are incorrectly holding /dev/console open. Be sure to complain to your Linux distributor about this!
不幸的是,那里面将会包括很多你其实并不想杀的东西。这是因为,这些应用程序不正确地让 /dev/console 处于打开状态。请务必向您的Linux 经销商投诉 !
You can identify processes which will be killed by SAK with the command
您可以标识被 SAK 命令杀死的进程。
# ls -l /proc/[0-9]*/fd/* | grep console
l-wx------ 1 root root 64 Mar 18 00:46 /proc/579/fd/0 -> /dev/console
Then:
# ps aux|grep 579
root 579 0.0 0.1 1088 436 ? S 00:43 0:00 gpm -t ps/2
So `gpm' will be killed by SAK. This is a bug in gpm. It should be closing standard input. You can work around this by finding the initscript which launches gpm and changing it thusly:
所以 'gpm' 将会被SAK杀死。这是gpm中的一个bug。故应关闭标准输入。你可以通过查找并强制改变发出gpm的initscript,来解决此问题:
Old:
daemon gpm
New:
daemon gpm < /dev/null
Vixie cron also seems to have this problem, and needs the same treatment.
Vixie cron 也似乎有这个问题,故需要相同的操作。
Also, one prominent Linux distribution has the following three lines in its rc.sysinit and rc scripts:
一个著名的 Linux 发行版在其 rc.sysinit 和 rc 的脚本中,还有以下三行:
exec 3<&0
exec 4>&1
exec 5>&2
These commands cause *all* daemons which are launched by the initscripts to have file descriptors 3, 4 and 5 attached to /dev/console. So SAK kills them all. A workaround is to simply delete these lines, but this may cause system management applications to malfunction - test everything well.
这些命令会导致initscripts发出,附加3、 4 和 5 个 /dev/console 文件描述符的*all*守护程序。所以 SAK会全部杀死他们。一种解决方法就是简单删除这些行,不过这可能会导致系统出现故障——故请测试所有的应用管理程序都完好。
原文地址: http://lxr.linux.no/#linux+v3.11.6/Documentation/SAK.txt