Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 20 Dec 1996 17:36:34 +0200 (SAT)
From:      Johann Tonsing <jtonsing@vulcan.mikom.csir.co.za>
To:        sean@perky.gothic.net.au (Sean Winn)
Cc:        freebsd-security@freebsd.org
Subject:   Re: stopping users from rebooting with ctr-alt-del
Message-ID:  <199612201536.RAA18260@vulcan.mikom.csir.co.za>
In-Reply-To: <Pine.BSF.3.91.961221013041.3576A-100000@perky.gothic.net.au> from "Sean Winn" at Dec 21, 96 01:38:24 am
next in thread | previous in thread | raw e-mail | index | archive | help 

Sean Winn <sean@perky.gothic.net.au> wrote:

> Just a simple question concerning the use of Ctrl-Alt-Del; would it be 
> possible to only make the reboot usable only if it was root logged into 
> the currently visible vty? Not being that cluey on the internals of the 
> FreeBSD console internals, it's more a curiosity question than anything. 
> A definitive "yes/no/damned if I know" from those who *are* capable of 
> answering would save a relative novice hacker from wasting time :)

Well, I guess it is possible since we have full source of the OS. Whether it
is desireable is another question.

> I can already see a nice simple problem, in that it would only work after
> login...if you need to shutdown because you can't login for some reason
> (exhausted swap space because of a nasty process?), then this makes things
> difficult...but it should help machines in public places around people who
> have too much curiosity. 

I'd consider having the kernel prompt for the root password if the console
is marked insecure.  This probably means that the MD5 of the root password
will have to be placed in the kernel somewhere during the boot process while
the disk is still accessible.  (The user might want to reboot when the disk
is not accessible.)  (Keeping the root password in the kernel as plaintext
is not a good idea.)

Regards
JT
--
jtonsing@mikom.csir.co.za
PGP public key: ftp://skeleton.mikom.csir.co.za/pub/netsec.pgp/jtonsing.pub
Send anonymous mail to jt-anon@zibbi.mikom.csir.co.za (no reply possible)

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199612201536.RAA18260>