Date: Tue, 22 May 2001 02:44:31 +0100 From: Brian Somers <brian@Awfulhak.org> To: David Malone <dwmalone@maths.tcd.ie> Cc: Mike Smith <msmith@FreeBSD.ORG>, Warner Losh <imp@harmony.village.org>, Jon Parise <jon@csh.rit.edu>, freebsd-hackers@FreeBSD.ORG, brian@Awfulhak.org Subject: Re: sysctl to disable reboot Message-ID: <200105220144.f4M1iVb47321@hak.lan.Awfulhak.org> In-Reply-To: Message from David Malone <dwmalone@maths.tcd.ie> of "Mon, 21 May 2001 23:40:22 BST." <200105212340.aa68173@salmon.maths.tcd.ie>
next in thread | previous in thread | raw e-mail | index | archive | help
> > That's a good point. A more sophisticated sysctl again would be one that > > would prevent the loading of a new keymap which enabled rebooting where > > the previous one did not. > > > cons.keymap.protected perhaps? > > I could impliment a cons.keymap.securelevel which did: > > 0: Anyone can change the keymap. > 1: Only root can change keys with effects like reboot, panic, ... > 2: Only root can make any change to the keymap. > > Or would that be overkill? (The name is certainly a bit silly ;-) I would have guessed that suser()ing keymap changes would be most appropriate. After all, a keymap change survives a logout and should really only be changed with care. Having said that, a malicious user with access to the keyboard can install some quite hideous root traps (a program that says login: etc etc). > David. -- Brian <brian@Awfulhak.org> <brian@[uk.]FreeBSD.org> <http://www.Awfulhak.org> <brian@[uk.]OpenBSD.org> Don't _EVER_ lose your sense of humour ! To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200105220144.f4M1iVb47321>