Bug 2856

Summary: Kernel Alt-sysrq functionality is _dangerous_
Product: [Retired] Red Hat Linux Reporter: Chris Evans <chris>
Component: kernelAssignee: Cristian Gafton <gafton>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: low    
Version: 6.0CC: alan, msw
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 1999-08-31 22:19:12 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Evans 1999-05-16 22:17:12 UTC 
Hi

Before you punt this bug, let me give some background. It is
common, especially in academia, to give console access to
Linux workstations. It is also desirable for these machines
to be secure. This is often done by locking the machine the
keyboard/monitor is attached to, in a cupboard.

In RH5.2, all console "dangers" could be turned off, e.g.
ctrl-alt-del can be disabled in /etc/inittab

RH6.0 introduces 2 new console dangers; reboot/halt via gdm
and kernel alt-sysrq key.

The former may be disabled by editing /etc/X11/gdm/gdm.conf,
but the latter probably can't be turned off easily :-(

So I log this bug so the issue is known about.

Chris
Comment 1 Derek Tattersall 1999-05-20 15:38:59 UTC 
Red Hat 6.0 ships with alt+sysreq key combination disabled.  Unless
you explicitly build a kernel with it enabled those keys do
nothing.

The gdm problem is another matter however.
Comment 2 Michael K. Johnson 1999-05-25 18:42:59 UTC 
Correction: alt-sysrq is not disabled in Red Hat Linux 6.0

We need to create a kernel patch that creates a sysconf variable
that controls whether alt-sysrq is enabled.  We need to coordinate
this with kernel folks, obviously...
Comment 3 Cristian Gafton 1999-06-16 15:25:59 UTC 
Maybe Alan can take a look at this?
Comment 4 Bill Nottingham 1999-08-31 22:19:59 UTC 
fixed in initscripts-4.34-1.