From owner-freebsd-hackers  Mon May 21 18:44:38 2001
Delivered-To: freebsd-hackers@freebsd.org
Received: from Awfulhak.org (awfulhak.demon.co.uk [194.222.196.252])
	by hub.freebsd.org (Postfix) with ESMTP
	id 4976837B422; Mon, 21 May 2001 18:44:34 -0700 (PDT)
	(envelope-from brian@Awfulhak.org)
Received: from hak.lan.Awfulhak.org (root@hak.lan.Awfulhak.org [172.16.0.12])
	by Awfulhak.org (8.11.3/8.11.3) with ESMTP id f4M1iWk57308;
	Tue, 22 May 2001 02:44:32 +0100 (BST)
	(envelope-from brian@lan.Awfulhak.org)
Received: from hak.lan.Awfulhak.org (brian@localhost [127.0.0.1])
	by hak.lan.Awfulhak.org (8.11.3/8.11.3) with ESMTP id f4M1iVb47321;
	Tue, 22 May 2001 02:44:31 +0100 (BST)
	(envelope-from brian@hak.lan.Awfulhak.org)
Message-Id: <200105220144.f4M1iVb47321@hak.lan.Awfulhak.org>
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
To: David Malone <dwmalone@maths.tcd.ie>
Cc: Mike Smith <msmith@FreeBSD.ORG>,
	Warner Losh <imp@harmony.village.org>, Jon Parise <jon@csh.rit.edu>,
	freebsd-hackers@FreeBSD.ORG, brian@Awfulhak.org
Subject: Re: sysctl to disable reboot 
In-Reply-To: Message from David Malone <dwmalone@maths.tcd.ie> 
   of "Mon, 21 May 2001 23:40:22 BST." <200105212340.aa68173@salmon.maths.tcd.ie> 
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 22 May 2001 02:44:31 +0100
From: Brian Somers <brian@Awfulhak.org>
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

> > That's a good point.  A more sophisticated sysctl again would be one that 
> > would prevent the loading of a new keymap which enabled rebooting where 
> > the previous one did not.
> 
> > cons.keymap.protected perhaps?
> 
> I could impliment a cons.keymap.securelevel which did:
> 
> 	0: Anyone can change the keymap.
> 	1: Only root can change keys with effects like reboot, panic, ...
> 	2: Only root can make any change to the keymap.
> 
> Or would that be overkill? (The name is certainly a bit silly ;-)

I would have guessed that suser()ing keymap changes would be most 
appropriate.  After all, a keymap change survives a logout and should 
really only be changed with care.

Having said that, a malicious user with access to the keyboard can 
install some quite hideous root traps (a program that says login: etc 
etc).

> 	David.

-- 
Brian <brian@Awfulhak.org>                        <brian@[uk.]FreeBSD.org>
      <http://www.Awfulhak.org>                   <brian@[uk.]OpenBSD.org>
Don't _EVER_ lose your sense of humour !



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message