From owner-freebsd-bugs  Sat Apr  7 17:30: 8 2001
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 89B8337B43F
	for <freebsd-bugs@hub.freebsd.org>; Sat,  7 Apr 2001 17:30:03 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.11.1/8.11.1) id f380U3N77890;
	Sat, 7 Apr 2001 17:30:03 -0700 (PDT)
	(envelope-from gnats)
Date: Sat, 7 Apr 2001 17:30:03 -0700 (PDT)
Message-Id: <200104080030.f380U3N77890@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
Cc: 
From: Dima Dorfman <dima@unixfreak.org>
Subject: Re: kern/26416: ctrl+alt+del --- normal user can reboot machine 
Reply-To: Dima Dorfman <dima@unixfreak.org>
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

The following reply was made to PR kern/26416; it has been noted by GNATS.

From: Dima Dorfman <dima@unixfreak.org>
To: davidx@viasoft.com.cn
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: kern/26416: ctrl+alt+del --- normal user can reboot machine 
Date: Sat, 07 Apr 2001 17:23:58 -0700

 davidx@viasoft.com.cn writes:
 > >Description:
 > a normal user can login console and press ctrl+alt+del to reboot
 > machine, there is no way to disable this action even it is what 
 > root want. a root user can load a tweaked keyboard map to disable
 > ctrl+alt+del, but a normal user can still load another keyboard map
 > to re-enable ctrl+alt+del. this is a security problem.
 
 A normal user can also plant an explosive device next to the computer
 and blow it up.  They can also throw a grenade.  Failing that, they
 can rip the computer off the rack (or table) and throw it out a
 window.  If you don't have a window, they can throw it against a wall.
 Heck, they can just push the power button!  What do you expect FreeBSD
 to do about that?
 
 In other words, I don't think this is a security hole.  There are
 bigger problems when a user has console access.  A reboot via the
 three-finger-salute is but a minor detail.  Also, as someone has
 already pointed out, there is a kernel option to disable this.  Since
 it's not something you would want to be turning on and off on a
 regular basis, there's no need for a sysctl.
 
 Regards,
 
 					Dima Dorfman
 					dima@unixfreak.org

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message