Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 2856 - Kernel Alt-sysrq functionality is _dangerous_
Kernel Alt-sysrq functionality is _dangerous_
Product: Red Hat Linux
Classification: Retired
Component: kernel (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Cristian Gafton
: Security
Depends On:
  Show dependency treegraph
Reported: 1999-05-16 18:17 EDT by Chris Evans
Modified: 2008-05-01 11:37 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 1999-08-31 18:19:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chris Evans 1999-05-16 18:17:12 EDT

Before you punt this bug, let me give some background. It is
common, especially in academia, to give console access to
Linux workstations. It is also desirable for these machines
to be secure. This is often done by locking the machine the
keyboard/monitor is attached to, in a cupboard.

In RH5.2, all console "dangers" could be turned off, e.g.
ctrl-alt-del can be disabled in /etc/inittab

RH6.0 introduces 2 new console dangers; reboot/halt via gdm
and kernel alt-sysrq key.

The former may be disabled by editing /etc/X11/gdm/gdm.conf,
but the latter probably can't be turned off easily :-(

So I log this bug so the issue is known about.

Comment 1 Derek Tattersall 1999-05-20 11:38:59 EDT
Red Hat 6.0 ships with alt+sysreq key combination disabled.  Unless
you explicitly build a kernel with it enabled those keys do

The gdm problem is another matter however.
Comment 2 Michael K. Johnson 1999-05-25 14:42:59 EDT
Correction: alt-sysrq is not disabled in Red Hat Linux 6.0

We need to create a kernel patch that creates a sysconf variable
that controls whether alt-sysrq is enabled.  We need to coordinate
this with kernel folks, obviously...
Comment 3 Cristian Gafton 1999-06-16 11:25:59 EDT
Maybe Alan can take a look at this?
Comment 4 Bill Nottingham 1999-08-31 18:19:59 EDT
fixed in initscripts-4.34-1.

Note You need to log in before you can comment on or make changes to this bug.