From owner-freebsd-security  Fri Dec 20 07:47:04 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id HAA24086
          for security-outgoing; Fri, 20 Dec 1996 07:47:04 -0800 (PST)
Received: from mail.id.net (mail.id.net [199.125.1.6])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id HAA24081
          for <freebsd-security@FreeBSD.org>; Fri, 20 Dec 1996 07:47:02 -0800 (PST)
Received: from server.id.net (server.id.net [199.125.0.10]) by mail.id.net (8.7.5/ID-Net) with ESMTP id KAA24465; Fri, 20 Dec 1996 10:48:49 -0500 (EST)
Received: (from rls@localhost) by server.id.net (8.8.2/8.7.3) id KAA05651; Fri, 20 Dec 1996 10:49:04 -0500 (EST)
From: Robert Shady <rls@mail.id.net>
Message-Id: <199612201549.KAA05651@server.id.net>
Subject: Re: stopping users from rebooting with ctr-alt-del
In-Reply-To: <Pine.BSF.3.91.961220072039.8768A-100000@narcissus.ml.org> from Snob Art Genre at "Dec 20, 96 07:22:54 am"
To: ben@narcissus.ml.org (Snob Art Genre)
Date: Fri, 20 Dec 1996 10:49:04 -0500 (EST)
Cc: igor@alecto.physics.uiuc.edu, sean@perky.gothic.net.au,
        freebsd-security@FreeBSD.org
X-Mailer: ELM [version 2.4ME+ PL25 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

> > > I can already see a nice simple problem, in that it would only work after
> > > login...if you need to shutdown because you can't login for some reason
> > > (exhausted swap space because of a nasty process?), then this makes things
> > > difficult...but it should help machines in public places around people who
> > > have too much curiosity. 
> > > 
> > 
> > Why would you need use ctrl-alt-del to reboot the machine ?
> > 1. it's not a shutdown (it doesn't resync, anyhow)
> 
> I believe this is incorrect.

This is incorrect.  Most PC UNIX's trap the Ctrl-Alt-Del keystrokes and
either run the standard "shutdown -r now", or call a sync, flush, and reboot.

> > 2. if you need to "reboot" it no matter what -
> > use the power switch, or "reset" button if one is present.
> > May be I am wrong, but I don't see bug difference [for Unix]
> > between ctrl-alt-del and "reset" .
> 
> I think ctrl-alt-del syncs buffers and otherwise shuts down the machine 
> "nicely".  I may be wrong.

Yes, Ctrl-Alt-Del is a much safer way to reboot a PC based UNIX box than
just flipping the power off..

> > In a public place I would also disable "reset" and "power" button
> > <grin> 
> 
> Yes . . . in general I think allowing people physical access to a machine
> is a big risk.  Anyone with a screwdriver and five minutes can remove your
> hard drive, after all. 

Granted.

	-- Rob
===
      _/_/_/_/_/  _/_/_/_/               _/_/    _/  _/_/_/_/_/  _/_/_/_/_/
         _/      _/      _/    _/_/_/   _/  _/  _/  _/_/_/_/        _/
   _/_/_/_/_/  _/_/_/_/               _/      _/  _/_/_/_/_/      _/

                             Innovative Data Services 
                          Serving South-Eastern Michigan 
        Internet Service Provider / Hardware Sales / Consulting Services
       Voice: (810)855-0404 / Fax: (810)855-3268 / Web: http://www.id.net