On Tue, Jan 26, 2010 at 17:31:23 +0100, Josselin Mouette wrote: > Le mardi 26 janvier 2010 à 16:19 +0100, Guido Günther a écrit : > > > True, but this one is trivial to exploit and is also fairly easy to > > > prevent so > > > why stick with it? > > I can only agree here. procps should at least get a: > > > > sys.kernel.sysrq = 0 > > It’s only a workaround, and it’s a bit too much to disable all SysRq > since other SysRq combinations are not a security threat. However we > could ship this in the gnome-screensaver/xscreensaver packages if there > is no other solution. This would make the obvious and immediate security > issue go away.
Not really, because everyone will re-enable it anyway. Disabling sysrq system-wise to avoid the X screensaver being killed is too big a hammer, IMO. Cheers, Julien -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
