Hi,

On Sun, Sep 16, 2007 at 10:28:06AM -0400, Ralph Katz wrote:
> Package: debian-reference-common
> Version: CVS, Thu Jan 18 11:52:15 UTC 2007
> Severity: normal
> 
> 
> Hi Osamu - Please correct section 8.5.2. Alt-SysRq.  Alt-SysRq IS
> enabled in the current, standard Etch kernel 2.6.18-5-686.

I kind of realized it some time ago...

> I believe some mention of the security implications of this would also
> be appropriate.  A local user could reboot the system with this.
> 
> Perhaps these changes would suffice:
> 
>    Delete:
>      Debian default installation kernels are not compiled with this
>      option at the time this document is written.  Recompile the kernel to
>      activate this function.  
>               
>    Add to end of section 8.5.2:
>      To prevent local users from shutting down or rebooting the system
>      with magic SysRq, refer to section 9.2.5. Restricting access to
>      services.
> 
>    Add to 9.2.5. Restricting access to services:
>      Starting with Etch, magic SysRq is enabled to allow users certain
>      root system privileges (see section 8.5.2. Alt-SysRq).  To disable
>      this functionality, edit /etc/sysctl.conf [I'm not sure what to put
>      here].

Since /proc/sys/kernel/sysrq is the one to manage, I think:

kernel.sysrq = 0

(As I see on my system, it is 1 now.)

> Note:  I have not verified the description of sysrq actions with what actually
> happens.  FYI, there is no mention of sysrq in securing-debian.

Me either...

> Regards,
> Ralph
> 
> -- System Information:
> Debian Release: 4.0
>   APT prefers stable
>   APT policy: (500, 'stable')
> Architecture: i386 (i686)
> Shell:  /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.18-5-686
> Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
> 
> 
> 



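The following shell script is an added example, not part of the original thread: it decodes a kernel.sysrq value, checks whether it permits the reboot the report is concerned about, and reads the persistent setting from a sysctl.conf-style file. The function names are made up for illustration, and the bit meanings for values above 1 come from the kernel's sysrq documentation rather than from this thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit the magic SysRq setting.

# Print what a kernel.sysrq value enables, one function per line.
# Bit meanings are taken from the kernel's sysrq documentation (assumption:
# they are not stated in the thread itself).
sysrq_decode() {
    val=$1
    case $val in ''|*[!0-9]*) echo "invalid"; return 2 ;; esac
    if [ "$val" -eq 0 ]; then echo "disabled"; return 0; fi
    if [ "$val" -eq 1 ]; then echo "all functions enabled"; return 0; fi
    for pair in "2:console log level" "4:keyboard control (SAK, unraw)" \
                "8:process debug dumps" "16:sync" "32:remount read-only" \
                "64:signal processes" "128:reboot/poweroff" \
                "256:renice real-time tasks"; do
        bit=${pair%%:*}
        [ $(( val & bit )) -ne 0 ] && echo "${pair#*:}"
    done
    return 0
}

# Succeed if the value lets a local keyboard user reboot (the concern raised above).
sysrq_allows_reboot() {
    case $1 in ''|*[!0-9]*) return 2 ;; esac
    [ "$1" -eq 1 ] || [ $(( $1 & 128 )) -ne 0 ]
}

# Print the last kernel.sysrq value in a sysctl.conf-style file (empty if unset).
sysrq_configured() {
    sed -n 's/^[[:space:]]*kernel\.sysrq[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1
}

# Report the running and the persistent value where they exist on this host.
if [ -r /proc/sys/kernel/sysrq ]; then
    running=$(cat /proc/sys/kernel/sysrq)
    echo "running kernel.sysrq = $running:"
    sysrq_decode "$running"
    if sysrq_allows_reboot "$running"; then
        echo "note: reboot via Alt-SysRq is permitted"
    fi
fi
if [ -r /etc/sysctl.conf ]; then
    saved=$(sysrq_configured /etc/sysctl.conf)
    echo "/etc/sysctl.conf sets kernel.sysrq = ${saved:-<not set>}"
fi
```

A value written only to /proc/sys/kernel/sysrq is lost at reboot, so the running value and the one in /etc/sysctl.conf should agree.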