Date: Tue, 28 Aug 2001 21:52:55 +0100 From: David Malone <dwmalone@maths.tcd.ie> To: Pascal Pederiva <freebsd@paped.com>, Kazutaka YOKOTA <yokota@zodiac.mech.utsunomiya-u.ac.jp>, freebsd-stable@FreeBSD.ORG Subject: Re: Disabling harmful keys (was: Re: PATCH: syscons.c sysctl for PC-Reboot Keys) Message-ID: <20010828215255.A69585@walton.maths.tcd.ie> In-Reply-To: <20010826004958.A81897@paped.com>; from freebsd@paped.com on Sun, Aug 26, 2001 at 12:49:58AM %2B0200 References: <200108101231.VAA17040@zodiac.mech.utsunomiya-u.ac.jp> <20010826004958.A81897@paped.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Aug 26, 2001 at 12:49:58AM +0200, Pascal Pederiva wrote: > > 2. Proposition > > > > In order to not have too many kernel options and sysctl variables > > to control individual keys, I shall propose the following compromise. > > > > - One kernel option to permanently disable all harmful keys. > > SC_DISABLE_HARMFUL_KEYS > > > > - One sysctl variable to enable/disable individual harmful keys. > > machdep.disable_harmful_keys > > > > This is a bitmap in which you set a bit to disable corresponding > > harmful key. I actually had another idea for handling this which might be useful alternative. The idea was to impliment a cons.keymap.protection which could be set to 0, 1 or 2. The effect was: 0: Anyone can change the keymap. 1: Only root can change keys with effects like reboot, panic, ... 2: Only root can make any change to the keymap. This means that you can enable special set of keys by adding or removing it to the keymap and raising the sysctl level. It also allows you to prevent users screwing up the keymap in general, which may or may not be a problem for users. It also doesn't need any bitmap magic, which might be less confusing for people. I have half an implimentation of this, which I'll try to finish tomorrow. David. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010828215255.A69585>