On 09/18/2007 01:12 PM, Andrew Sackville-West wrote: > On Sun, Sep 16, 2007 at 09:06:49AM -0400, Ralph Katz wrote: >> On 09/14/2007 07:24 PM, Andrew Sackville-West wrote: >> >>> just a word to the wise when dealing with these issues... magic sysrq >>> key, be sure to google it. The two that are most useful, to me anyway, >>> are >>> >>> Alt-sysrq-s to sync the filesystems (you'll see your drive light come >>> on briefly and you;ll get a console message if you happen to be in >>> one.) >>> >>> alt-sysrq-b to reboot. >> This is new to me; never knew what that key did! >> >> Etch has sysrq enabled. However, the security implications should be >> documented. SysRq isn't even mentioned in securing-debian-howto. It's >> mentioned incorrectly as "default installation kernels are not compiled >> with this option" in debian reference ( >> http://qref.sourceforge.net/). > > out of curiousity, what are the security implications? sysrq requires > physical access to the machine (well, at least the keyboard) and > therefore security is pretty much out the window. or is there some way > to trigger these events from a remote location?
Andrew, surely you're kidding! :) This is a local vulnerability, yes. No worse than pulling the plug. Of course that IS the problem. Only keyboard access is needed for this. To test, I booted a second etch computer which comes up to a gnome desktop, and hit alt-sysrq-i. The display shows a nasty pink colored image... Next was to hit alt-sysrq-b which must be the linux 3-finger salute known to windows people. And yes, I've filed a bug on this (442512, 442893). Regards, Ralph -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
