Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 7 Apr 2001 17:10:02 -0700 (PDT)
From:      David Taylor <davidt@yadt.co.uk>
To:        freebsd-bugs@FreeBSD.org
Subject:   Re: kern/26416: ctrl+alt+del --- normal user can reboot machine
Message-ID:  <200104080010.f380A2v76471@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
The following reply was made to PR kern/26416; it has been noted by GNATS.

From: David Taylor <davidt@yadt.co.uk>
To: davidx@viasoft.com.cn
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/26416: ctrl+alt+del --- normal user can reboot machine
Date: Sun, 8 Apr 2001 01:01:03 +0100

 --vkogqOf2sHV7VnPd
 Content-Type: text/plain; charset=us-ascii
 Content-Disposition: inline
 Content-Transfer-Encoding: quoted-printable
 
 On Sat, 07 Apr 2001, davidx@viasoft.com.cn wrote:
 > >Description:
 > a normal user can login console and press ctrl+alt+del to reboot
 > machine, there is no way to disable this action even it is what=20
 > root want. a root user can load a tweaked keyboard map to disable
 > ctrl+alt+del, but a normal user can still load another keyboard map
 > to re-enable ctrl+alt+del. this is a security problem.
 
 Not strictly true:
 
 options         SC_DISABLE_REBOOT       # disable reboot key sequence      =
     =20
 
 in the kernel config will disable ctrl+alt+del entirely.
 
 > options:
 >   1. disable normal user to load a keyboard map, but if it is a user=20
 >      owned pc, it is kibitzed.
 >   2. normal user presses ctrl+alt+del has no effect, but if it is=20
 >      a user owned pc, this is also kibitzed.=20
 >   3. final solution, add a sysctl item to let root user enable/disable=20
 >      ctrl+alt+del.
 >=20
 
 IMNSHO, a sysctl to disable c+a+d, and to disable normal users loading new
 keymaps (i.e. two seperate sysctls), would be a good idea..
 
 --=20
 David Taylor
 davidt@yadt.co.uk
 
 --vkogqOf2sHV7VnPd
 Content-Type: application/pgp-signature
 Content-Disposition: inline
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.0.4 (FreeBSD)
 Comment: For info see http://www.gnupg.org
 
 iD8DBQE6z6o+fIqKXSsJ/xERAguNAJ9911BDw862AfSQ3kzfVItUr33CygCeJWHQ
 Res0PlbIhtYSrcXq6uhM7NE=
 =CcmM
 -----END PGP SIGNATURE-----
 
 --vkogqOf2sHV7VnPd--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200104080010.f380A2v76471>