Package: debian-reference-common
Version: CVS, Thu Jan 18 11:52:15 UTC 2007
Severity: normal
Hi Osamu - Please correct section 8.5.2. Alt-SysRq. Alt-SysRq IS
enabled in the current, standard Etch kernel 2.6.18-5-686.
I believe some mention of the security implications of this would also
be appropriate. A local user could reboot the system with this.
Perhaps these changes would suffice:
Delete:
Debian default installation kernels are not compiled with this
option at the time this document is written. Recompile the kernel to
activate this function.
Add to end of section 8.5.2:
To prevent local users from shutting down or rebooting the system
with magic SysRq, refer to section 9.2.5. Restricting access to
services.
Add to 9.2.5. Restricting access to services:
Starting with Etch, magic SysRq is enabled to allow users certain
root system privileges (see section 8.5.2. Alt-SysRq). To disable
this functionality, edit /etc/sysctl.conf [I'm not sure what to put
here].
Note: I have not verified the description of sysrq actions with what actually
happens. FYI, there is no mention of sysrq in securing-debian.
Regards,
Ralph
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
