1 files changed, 42 insertions, 0 deletions
diff --git a/informationals/teso-i0011.txt b/informationals/teso-i0011.txt
new file mode 100644
index 0000000..36879fc
--- /dev/null
+++ b/informationals/teso-i0011.txt
@@ -0,0 +1,42 @@
+0011 2000/02/01  Linux keyboard handler tricks
+==== TESO Informational =======================================================
+This piece of information is to be kept confidential.
+===============================================================================
+Description ..........: Linux kernel keyboard handling
+Date .................: 2000/02/01 17:00
+Author ...............: Palmers
+Publicity level ......: known
+Affected .............: Linux kernel
+Type of entity .......: kernel module 
+Type of discovery ....: useful information
+Severity/Importance ..: low
+Found by .............: Palmers
+Information ===================================================================
+It is (in theory) easy to (1) free keyboards IRQ, then (2) install a keylogger, 
+and (3) reinstall the original interrupt handler. It has to be freed first to
+reinstall the first handler to the, then shared, interrupt.
+The stuff that deal with this can be found in:
+<src-dir>/arch/i386/kernel/irq.c                (free_irq, request_irq)
+<src-dir>/drivers/char/pc_keyb.c                (kbd stuff)
+as well as in:
+<src-dir>/include/asm-i386/keyboard.h
+<src-dir>/arch/i386/kernel/irq.h
+<src-dir>/include/linux/interrupt.h
+Ok, an interrupt handler has three arguments:
+interrupt_handler (int irq, void *dev_id, struct pt_regs *regs)
+Which are - you guess it - interrupt, id and a pt_regs struct (which leads 
+to the need for asm). The logger simply needs to pop the byte, read from the
+keyboard, and write it in a file, the original interrupt handler could be
+restored using pc_keyb.c (with some modifications). 
+===============================================================================

diff --git a/informationals/teso-i0011.txt b/informationals/teso-i0011.txt new file mode 100644 index 0000000..36879fc --- /dev/null +++ b/informationals/teso-i0011.txt
@@ -0,0 +1,42 @@
	1	0011 2000/02/01 Linux keyboard handler tricks
	2
	3	==== TESO Informational =======================================================
	4	This piece of information is to be kept confidential.
	5	===============================================================================
	6
	7	Description ..........: Linux kernel keyboard handling
	8	Date .................: 2000/02/01 17:00
	9	Author ...............: Palmers
	10	Publicity level ......: known
	11	Affected .............: Linux kernel
	12	Type of entity .......: kernel module
	13	Type of discovery ....: useful information
	14	Severity/Importance ..: low
	15	Found by .............: Palmers
	16
	17	Information ===================================================================
	18
	19	It is (in theory) easy to (1) free keyboards IRQ, then (2) install a keylogger,
	20	and (3) reinstall the original interrupt handler. It has to be freed first to
	21	reinstall the first handler to the, then shared, interrupt.
	22
	23	The stuff that deal with this can be found in:
	24
	25	<src-dir>/arch/i386/kernel/irq.c (free_irq, request_irq)
	26	<src-dir>/drivers/char/pc_keyb.c (kbd stuff)
	27
	28	as well as in:
	29	<src-dir>/include/asm-i386/keyboard.h
	30	<src-dir>/arch/i386/kernel/irq.h
	31	<src-dir>/include/linux/interrupt.h
	32
	33	Ok, an interrupt handler has three arguments:
	34	interrupt_handler (int irq, void dev_id, struct pt_regs regs)
	35
	36	Which are - you guess it - interrupt, id and a pt_regs struct (which leads
	37	to the need for asm). The logger simply needs to pop the byte, read from the
	38	keyboard, and write it in a file, the original interrupt handler could be
	39	restored using pc_keyb.c (with some modifications).
	40
	41	===============================================================================
	42