From owner-freebsd-stable  Tue Aug 28 13:53: 2 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11])
	by hub.freebsd.org (Postfix) with SMTP id 2DCAB37B401
	for <freebsd-stable@FreeBSD.ORG>; Tue, 28 Aug 2001 13:52:57 -0700 (PDT)
	(envelope-from dwmalone@maths.tcd.ie)
Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP
          id <aa11000@salmon>; 28 Aug 2001 21:52:56 +0100 (BST)
Date: Tue, 28 Aug 2001 21:52:55 +0100
From: David Malone <dwmalone@maths.tcd.ie>
To: Pascal Pederiva <freebsd@paped.com>,
	Kazutaka YOKOTA <yokota@zodiac.mech.utsunomiya-u.ac.jp>,
	freebsd-stable@FreeBSD.ORG
Subject: Re: Disabling harmful keys (was: Re: PATCH: syscons.c sysctl for PC-Reboot Keys)
Message-ID: <20010828215255.A69585@walton.maths.tcd.ie>
References: <200108101231.VAA17040@zodiac.mech.utsunomiya-u.ac.jp> <20010826004958.A81897@paped.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010826004958.A81897@paped.com>; from freebsd@paped.com on Sun, Aug 26, 2001 at 12:49:58AM +0200
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

On Sun, Aug 26, 2001 at 12:49:58AM +0200, Pascal Pederiva wrote:
> > 2. Proposition
> > 
> > In order to not have too many kernel options and sysctl variables
> > to control individual keys, I shall propose the following compromise.
> > 
> > - One kernel option to permanently disable all harmful keys.
> > SC_DISABLE_HARMFUL_KEYS
> > 
> > - One sysctl variable to enable/disable individual harmful keys.
> > machdep.disable_harmful_keys
> > 
> > This is a bitmap in which you set a bit to disable corresponding
> > harmful key.

I actually had another idea for handling this which might be useful
alternative. The idea was to impliment a cons.keymap.protection
which could be set to 0, 1 or 2. The effect was:
 
       0: Anyone can change the keymap.
       1: Only root can change keys with effects like reboot, panic, ...
       2: Only root can make any change to the keymap.
 
This means that you can enable special set of keys by adding or
removing it to the keymap and raising the sysctl level. It also
allows you to prevent users screwing up the keymap in general,
which may or may not be a problem for users. It also doesn't need
any bitmap magic, which might be less confusing for people.

I have half an implimentation of this, which I'll try to finish
tomorrow.

	David.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message