Re: Speaking of SysRQ...

Jeff MacDonald (jam@ans.net)
Wed, 10 Jun 1998 04:14:51 +0000


Matt Kemner wrote:
>
> On Tue, 9 Jun 1998 jam@ans.net wrote:
>
> jam> what kind of environment are you describing?
>
> Think of a High School or University lab full of computers, or something
> like a public library terminal. The physical computers are locked in a
> cabinet with only the keyboard/mouse and monitor protruding, so the user
> cannot reset the machine or pull the power cord. The user does not have
> root access. (console access != root access). A simple sysctl/proc entry
> to enable/disable sysrq would be _very_ useful in this case.
> (the lab administrator could keep it disabled by default, but enable it
> when he's trying out a new kernel/installing a new X server/anything that
> could put the computer in a position where he might want to use sysrq, by
> echo'ing 1 to the appropriate file in /proc, then disable it again after
> he's finished by echo'ing a 0)
>

IMHO, the minute you give someone console access to a unix machine, they
might as well have root privs.. if they can login to the box and 'cat
/etc/passwd' onto a floppy disk, the possibilities are endless.

> My personal, private opinion is that sysrq should be configurable in
> config/menuconfig like it is now, defaulting to off, but requiring root to
> ALSO echo a 1 to a value in /proc to turn it on. (something along the
> lines of what you have to do to enable ip_forward etc)
>

what happens if you're running a 'test' kernel, and *don't* have the
ability to login as root and 'cat' that magic number into the /proc
filesystem? I suppose that works fine if you "always" leave it enabled
on test machines, and "always" disable it afterwards..

> Note that I personally don't NEED this option since nobody has physical
> access to my production servers, so I'd probably leave it enabled all the
> time anyway, but I can easily see where having it run-time configurable
> can be very useful for many people.
>

granted.

> - Matt Kemner
> System Administrator
> Networx Internet
> Western Australia
> ++61 8 9345 3377
>
> P.S. For those of you that are considering replying with "but what about
> control-alt-delete", check out the "ca" entry in your inittab, and make it
> run something other than shutdown.
> (eg ca:12345:ctrlaltdel:/bin/echo "I don't think so, Tim.")
>

but this is trivial to get around if we assume the user can get root
access pretty easily (as per above).

one good way to provide a physically secure machine in this kind of
environment might be to put a serial card into the machine, and carry a
laptop around that is able to login as 'root' via that "console" port.
this would prevent all but the most determined folks from doing
something 'bad' to the machine. it would also leave the machine open to
be connected via modem for similar *very remote* troubleshooting.

of course, I doubt that there is presently any way to send the 'magic
sysreq' over a serial line, so I don't know how that solves the original
problem, but it certainly seems more secure than 'assuming' that the
human sysop is perfect and will remember to enable/disable the feature
as appropriate, especially when talking about a *large* installation of
linux boxen.

just my two cents..

Regards,
Jeff

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
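The run-time switch discussed above did land in later kernels as /proc/sys/kernel/sysrq, and the value grew from a plain 0/1 into a bitmask of allowed key groups. The following is an added example, not code from the thread or the kernel, that an admin can use to audit that switch and the inittab "ca" entry on lab machines; the SYSRQ_FILE override, the function names and the SAMPLE_INITTAB text are constructed for the example.

```shell
#!/bin/sh
# Added example: inspect/set the SysRq switch and audit the ctrl-alt-del entry.
# SYSRQ_FILE can be overridden so the functions run against a plain file
# (no root, no Linux needed); on a real box the write needs root.
SYSRQ_FILE="${SYSRQ_FILE:-/proc/sys/kernel/sysrq}"

# Read the current value: 0 = disabled, 1 = every key, >1 = bitmask of groups.
sysrq_get() {
    cat "$SYSRQ_FILE"
}

# Write a new value (e.g. 0 on a public terminal, 1 while testing a kernel).
sysrq_set() {
    echo "$1" > "$SYSRQ_FILE"
}

# Decode the bitmask (bit meanings from Documentation/admin-guide/sysrq.rst).
sysrq_describe() {
    v="$1"
    if [ "$v" -eq 0 ]; then echo "disabled"; return; fi
    if [ "$v" -eq 1 ]; then echo "enabled (all keys)"; return; fi
    out="bitmask:"
    [ $((v & 2))   -ne 0 ] && out="$out loglevel"
    [ $((v & 4))   -ne 0 ] && out="$out keyboard"
    [ $((v & 8))   -ne 0 ] && out="$out debug-dumps"
    [ $((v & 16))  -ne 0 ] && out="$out sync"
    [ $((v & 32))  -ne 0 ] && out="$out remount-ro"
    [ $((v & 64))  -ne 0 ] && out="$out signal-procs"
    [ $((v & 128)) -ne 0 ] && out="$out reboot"
    [ $((v & 256)) -ne 0 ] && out="$out nice-rt"
    echo "$out"
}

# Print what inittab runs on ctrl-alt-del (fields: id:runlevels:action:process).
# Reads inittab text on stdin; a value containing "shutdown" means the key
# combination still reboots the machine.
inittab_ctrlaltdel() {
    awk -F: '$3 == "ctrlaltdel" { sub(/^[^:]*:[^:]*:[^:]*:/, ""); print }'
}

# Constructed sample inittab with the default (reboot-on-ctrl-alt-del) entry.
SAMPLE_INITTAB='id:3:initdefault:
ca:12345:ctrlaltdel:/sbin/shutdown -t3 -r now
1:2345:respawn:/sbin/getty 38400 tty1'

if [ -r "$SYSRQ_FILE" ]; then
    echo "sysrq is $(sysrq_describe "$(sysrq_get)")"
fi
echo "ctrl-alt-del runs: $(printf '%s\n' "$SAMPLE_INITTAB" | inittab_ctrlaltdel)"
```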