Date: Sat, 7 Apr 2001 17:10:02 -0700 (PDT)
Message-Id: <200104080010.f380A2v76471@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: David Taylor
Subject: Re: kern/26416: ctrl+alt+del --- normal user can reboot machine

The following reply was made to PR kern/26416; it has been noted by GNATS.

From: David Taylor
To: davidx@viasoft.com.cn
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/26416: ctrl+alt+del --- normal user can reboot machine
Date: Sun, 8 Apr 2001 01:01:03 +0100

On Sat, 07 Apr 2001, davidx@viasoft.com.cn wrote:
> >Description:
> a normal user can login console and press ctrl+alt+del to reboot
> machine, there is no way to disable this action even it is what
> root want. a root user can load a tweaked keyboard map to disable
> ctrl+alt+del, but a normal user can still load another keyboard map
> to re-enable ctrl+alt+del. this is a security problem.

Not strictly true:

    options SC_DISABLE_REBOOT # disable reboot key sequence

in the kernel config will disable ctrl+alt+del entirely.

> options:
> 1. disable normal user to load a keyboard map, but if it is a user
> owned pc, it is kibitzed.
> 2. normal user presses ctrl+alt+del has no effect, but if it is
> a user owned pc, this is also kibitzed.
> 3. final solution, add a sysctl item to let root user enable/disable
> ctrl+alt+del.
>

IMNSHO, a sysctl to disable c+a+d, and to disable normal users loading
new keymaps (i.e. two separate sysctls), would be a good idea..

--
David Taylor
davidt@yadt.co.uk