Re: [PATCH] tty: sysrq: Introduce compile-time crash-only mode
From: Greg KH
Date: Tue Jul 08 2025 - 04:05:37 EST
On Tue, Jul 08, 2025 at 12:16:50AM +0300, Marwan Seliem wrote:
> Let me clarify the security rationale and address your concerns.
>
> > "security" involves crashing the system, so I fail to understand why one
> > is more "secure" than the other.
>
> You're absolutely right that crash access itself requires careful consideration.
> The security distinction we're making is between:
>
> 1. Controlled Crash Access (our patch):
> - Single, auditable code path (only sysrq-c)
> - No runtime configuration possible
> - No ancillary debug features that could leak information
>
> 2. Full SysRq Access:
> - ~60 command vectors to maintain/audit
> - Runtime configuration complexity
> - Features like memory/register dumps
One can make this argument for each of the sysrq options, but attempting
to make each one a config option is crazy. We have chosen the "either
all or none" to make things simpler overall.
So attempting to maintain yet-another-configuration-option like this,
for the next 40+ years, is adding to our maintance burden for almost no
benifit that I can determine (hint, I still think it's crazy to allow a
system to crash but not the other things.)
So I can't accept this added complexity at this point in time, sorry.
If you can convince others that this really is worth the overhead
involved in it, please do so and come back with some more support.
thanks,
greg k-h