Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 28 Aug 2001 21:52:55 +0100
From:      David Malone <dwmalone@maths.tcd.ie>
To:        Pascal Pederiva <freebsd@paped.com>, Kazutaka YOKOTA <yokota@zodiac.mech.utsunomiya-u.ac.jp>, freebsd-stable@FreeBSD.ORG
Subject:   Re: Disabling harmful keys (was: Re: PATCH: syscons.c sysctl for PC-Reboot Keys)
Message-ID:  <20010828215255.A69585@walton.maths.tcd.ie>
In-Reply-To: <20010826004958.A81897@paped.com>; from freebsd@paped.com on Sun, Aug 26, 2001 at 12:49:58AM %2B0200
References:  <200108101231.VAA17040@zodiac.mech.utsunomiya-u.ac.jp> <20010826004958.A81897@paped.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sun, Aug 26, 2001 at 12:49:58AM +0200, Pascal Pederiva wrote:
> > 2. Proposition
> > 
> > In order to not have too many kernel options and sysctl variables
> > to control individual keys, I shall propose the following compromise.
> > 
> > - One kernel option to permanently disable all harmful keys.
> > SC_DISABLE_HARMFUL_KEYS
> > 
> > - One sysctl variable to enable/disable individual harmful keys.
> > machdep.disable_harmful_keys
> > 
> > This is a bitmap in which you set a bit to disable corresponding
> > harmful key.

I actually had another idea for handling this which might be useful
alternative. The idea was to impliment a cons.keymap.protection
which could be set to 0, 1 or 2. The effect was:
 
       0: Anyone can change the keymap.
       1: Only root can change keys with effects like reboot, panic, ...
       2: Only root can make any change to the keymap.
 
This means that you can enable special set of keys by adding or
removing it to the keymap and raising the sysctl level. It also
allows you to prevent users screwing up the keymap in general,
which may or may not be a problem for users. It also doesn't need
any bitmap magic, which might be less confusing for people.

I have half an implimentation of this, which I'll try to finish
tomorrow.

	David.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010828215255.A69585>