From owner-freebsd-bugs Mon May 3 20: 0:15 1999 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 5042A14DC4 for ; Mon, 3 May 1999 20:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id UAA10378; Mon, 3 May 1999 20:00:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Date: Mon, 3 May 1999 20:00:01 -0700 (PDT) Message-Id: <199905040300.UAA10378@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: "G. Adam Stanislav" Subject: Re: misc/11475: Possible security hazard? Reply-To: "G. Adam Stanislav" Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR misc/11475; it has been noted by GNATS. From: "G. Adam Stanislav" To: Matthew Hunt Cc: FreeBSD-gnats-submit@FreeBSD.ORG Subject: Re: misc/11475: Possible security hazard? Date: Mon, 3 May 1999 21:52:40 -0500 On Mon, May 03, 1999 at 06:33:07PM -0700, Matthew Hunt wrote: > > While only a superuser can execute the reboot command, any user can > > accomplish the same thing by pressing ctl-alt-delete. > > Not a bug. A local user can also hit the reset button or kill > the power or do pretty much anything else. Physical security is > your friend. Don't let untrusted people hang out at the console. I think there is a difference: You can lock up the CPU, thus preventing access to the reset button and the plug, but you cannot lock up the console. If you are teaching people how to use computers in a class, they can press the ctl-alt-del combination because they do not know any better (especially if they come from Windows background), not because they are malicious or untrusted. > If you don't want this behavior, edit the keymap that you're > using. See (I think) /usr/share/syscons/keymaps/. It is easily > changed. OK, thanks. It is really not a problem for me, I simply noticed it, and was trying to be helpful by reporting it. I am glad to hear it can be changed. :-) I still think it would make sense if *by default* this were set up so it only works for the superuser and only available to the regular user if the administrator changes the defaults. Anyway, it's no big deal... Thanks, Adam To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message