Re: Magic SysRq [was Re: X ignores keyboard and mouse input, but shows cursor movement (etch)]
- From: Ralph Katz <ralph.katz@xxxxxxx>
- Date: Tue, 18 Sep 2007 18:05:05 -0400
On 09/18/2007 05:17 PM, David Brodbeck wrote:
On Sep 18, 2007, at 11:19 AM, Ralph Katz wrote:
This is a local vulnerability, yes. No worse than pulling the plug. Of
course that IS the problem. Only keyboard access is needed for this.
To test, I booted a second etch computer which comes up to a gnome
desktop, and hit alt-sysrq-i. The display shows a nasty pink colored
image... Next was to hit alt-sysrq-b which must be the linux 3-finger
salute known to windows people.
Hmm. I see what you're getting at, but is this really any worse than
the default ctrl-alt-del behavior? (Or is there a security warning
about that, too?)
Frankly, if someone has physical access, a reboot is just about the
least of your worries. It's pretty trivial for them to gain root access
if they have physical access to the hardware.
It is worse precisely because it's undocumented. The default
ctrl-alt-del behavior is documented, so not an issue.
One might ask whether the default ON for sysrq is appropriate for
Stable. While I don't think it is, my bigger problem is with the
absence of warnings or user documentation. This is critical for a
distro that cares about its users which is why I filed bug 442512.
Perhaps this is more an issue to me as a non-programmer...
And yes, physical access is problematic.
Regards,
Ralph
--
To UNSUBSCRIBE, email to debian-user-REQUEST@xxxxxxxxxxxxxxxx
with a subject of "unsubscribe". Trouble? Contact listmaster@xxxxxxxxxxxxxxxx
- Follow-Ups:
- Re: Magic SysRq [was Re: X ignores keyboard and mouse input, but shows cursor movement (etch)]
- From: Andrew Sackville-West
- Re: Magic SysRq [was Re: X ignores keyboard and mouse input, but shows cursor movement (etch)]
- References:
- X ignores keyboard and mouse input, but shows cursor movement (etch)
- From: Ralph Katz
- Re: X ignores keyboard and mouse input, but shows cursor movement (etch)
- From: Kelly Clowers
- Re: X ignores keyboard and mouse input, but shows cursor movement (etch)
- From: Ralph Katz
- Re: X ignores keyboard and mouse input, but shows cursor movement (etch)
- From: Richard A Nelson
- Re: X ignores keyboard and mouse input, but shows cursor movement (etch)
- From: Kelly Clowers
- Re: X ignores keyboard and mouse input, but shows cursor movement (etch)
- From: Andrew Sackville-West
- Magic SysRq [was Re: X ignores keyboard and mouse input, but shows cursor movement (etch)]
- From: Ralph Katz
- Re: Magic SysRq [was Re: X ignores keyboard and mouse input, but shows cursor movement (etch)]
- From: Andrew Sackville-West
- Re: Magic SysRq [was Re: X ignores keyboard and mouse input, but shows cursor movement (etch)]
- From: Ralph Katz
- Re: Magic SysRq [was Re: X ignores keyboard and mouse input, but shows cursor movement (etch)]
- From: David Brodbeck
- X ignores keyboard and mouse input, but shows cursor movement (etch)
- Prev by Date: Re: etch installation fails on two machines
- Next by Date: Re: Strange networking problems
- Previous by thread: Re: Magic SysRq [was Re: X ignores keyboard and mouse input, but shows cursor movement (etch)]
- Next by thread: Re: Magic SysRq [was Re: X ignores keyboard and mouse input, but shows cursor movement (etch)]
- Index(es):
Relevant Pages
|
|
