From owner-freebsd-bugs Sat Apr 7 17:30: 8 2001 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 89B8337B43F for ; Sat, 7 Apr 2001 17:30:03 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f380U3N77890; Sat, 7 Apr 2001 17:30:03 -0700 (PDT) (envelope-from gnats) Date: Sat, 7 Apr 2001 17:30:03 -0700 (PDT) Message-Id: <200104080030.f380U3N77890@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Dima Dorfman Subject: Re: kern/26416: ctrl+alt+del --- normal user can reboot machine Reply-To: Dima Dorfman Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR kern/26416; it has been noted by GNATS. From: Dima Dorfman To: davidx@viasoft.com.cn Cc: freebsd-gnats-submit@FreeBSD.org Subject: Re: kern/26416: ctrl+alt+del --- normal user can reboot machine Date: Sat, 07 Apr 2001 17:23:58 -0700 davidx@viasoft.com.cn writes: > >Description: > a normal user can login console and press ctrl+alt+del to reboot > machine, there is no way to disable this action even it is what > root want. a root user can load a tweaked keyboard map to disable > ctrl+alt+del, but a normal user can still load another keyboard map > to re-enable ctrl+alt+del. this is a security problem. A normal user can also plant an explosive device next to the computer and blow it up. They can also throw a grenade. Failing that, they can rip the computer off the rack (or table) and throw it out a window. If you don't have a window, they can throw it against a wall. Heck, they can just push the power button! What do you expect FreeBSD to do about that? In other words, I don't think this is a security hole. There are bigger problems when a user has console access. A reboot via the three-finger-salute is but a minor detail. Also, as someone has already pointed out, there is a kernel option to disable this. Since it's not something you would want to be turning on and off on a regular basis, there's no need for a sysctl. Regards, Dima Dorfman dima@unixfreak.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message