Re: [PATCH]: Runtime enable/disable magic sysrq against 2.1.107pre1.
Myrdraal (myrdraal@jackalz.dyn.ml.org)
Thu, 25 Jun 1998 14:17:39 -0400
On Thu, Jun 25, 1998 at 01:14:50PM -0400, Adam Sulmicki wrote:
Hi,
> Myrdraal writes:
> -> For all those who said that having magic sysrq enabled on a system was
> -> a security hole:
> -> This patch will add /proc/sys/debug/sysrq_enable. If you:
> -> echo "0">/proc/sys/debug/sysrq_enable
> -> then sysrq won't work. If you:
> -> echo "1">/proc/sys/debug/sysrq_enable
> -> then sysrq will work. "1" is the default setting. Comments? This is
> -> my very first kernel hack, so be gentle :)
> IMHO, it is an debug feature, so it should be *diabled by default*.
Well, if someone has the ability to boot your system so they can do
evil stuff before your init scripts have had time to turn off sysrq
then they can't do much more when they *do* have sysrq. (See previous message)
> After all you don't want random Joe to come to your machine and
> play random stuff with it.
Please see my previous message to this thread for an (atleast partial)
answer.
> However, since you want to have it enable as early as possible during
> kernel booting, as I see the soluion is to add it as
> command line option to pass to kernel.
Hmmm, that would be three different ways to toggle it; config, proc, and
boot command line... That seems a tiny bit excessive to me. Especially
when there's not a heck of alot they can do with this functionality.
IMHO, ofcourse.
> Just my 2 bits aligend to 16bits boundary.
Cute :)
-Myrdraal
--
Linux jackalz 2.1.107 #76 Thu Jun 25 07:10:43 EDT 1998 i486
2:14pm up 6:29, 16 users, load average: 0.75, 0.56, 0.47
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu