From owner-freebsd-stable Tue Aug 28 13:53: 2 2001 Delivered-To: freebsd-stable@freebsd.org Received: from salmon.maths.tcd.ie (salmon.maths.tcd.ie [134.226.81.11]) by hub.freebsd.org (Postfix) with SMTP id 2DCAB37B401 for ; Tue, 28 Aug 2001 13:52:57 -0700 (PDT) (envelope-from dwmalone@maths.tcd.ie) Received: from walton.maths.tcd.ie by salmon.maths.tcd.ie with SMTP id ; 28 Aug 2001 21:52:56 +0100 (BST) Date: Tue, 28 Aug 2001 21:52:55 +0100 From: David Malone To: Pascal Pederiva , Kazutaka YOKOTA , freebsd-stable@FreeBSD.ORG Subject: Re: Disabling harmful keys (was: Re: PATCH: syscons.c sysctl for PC-Reboot Keys) Message-ID: <20010828215255.A69585@walton.maths.tcd.ie> References: <200108101231.VAA17040@zodiac.mech.utsunomiya-u.ac.jp> <20010826004958.A81897@paped.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010826004958.A81897@paped.com>; from freebsd@paped.com on Sun, Aug 26, 2001 at 12:49:58AM +0200 Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Sun, Aug 26, 2001 at 12:49:58AM +0200, Pascal Pederiva wrote: > > 2. Proposition > > > > In order to not have too many kernel options and sysctl variables > > to control individual keys, I shall propose the following compromise. > > > > - One kernel option to permanently disable all harmful keys. > > SC_DISABLE_HARMFUL_KEYS > > > > - One sysctl variable to enable/disable individual harmful keys. > > machdep.disable_harmful_keys > > > > This is a bitmap in which you set a bit to disable corresponding > > harmful key. I actually had another idea for handling this which might be useful alternative. The idea was to impliment a cons.keymap.protection which could be set to 0, 1 or 2. The effect was: 0: Anyone can change the keymap. 1: Only root can change keys with effects like reboot, panic, ... 2: Only root can make any change to the keymap. This means that you can enable special set of keys by adding or removing it to the keymap and raising the sysctl level. It also allows you to prevent users screwing up the keymap in general, which may or may not be a problem for users. It also doesn't need any bitmap magic, which might be less confusing for people. I have half an implimentation of this, which I'll try to finish tomorrow. David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message