From adam@whizkidtech.net Mon May  3 18:10:13 1999
Return-Path: <adam@whizkidtech.net>
Received: from whizkidtech.net (r26.bfm.org [208.18.213.122])
	by hub.freebsd.org (Postfix) with ESMTP id D649F15660
	for <FreeBSD-gnats-submit@freebsd.org>; Mon,  3 May 1999 18:10:05 -0700 (PDT)
	(envelope-from adam@whizkidtech.net)
Received: (from adam@localhost)
	by whizkidtech.net (8.9.2/8.9.2) id UAA00319;
	Mon, 3 May 1999 20:10:05 -0500 (CDT)
	(envelope-from adam)
Message-Id: <199905040110.UAA00319@whizkidtech.net>
Date: Mon, 3 May 1999 20:10:05 -0500 (CDT)
From: "G. Adam Stanislav" <adam@whizkidtech.net>
Reply-To: adam@whizkidtech.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: Possible security hazard?
X-Send-Pr-Version: 3.2

>Number:         11475
>Category:       misc
>Synopsis:       Any user can reboot
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon May  3 18:20:01 PDT 1999
>Closed-Date:    Mon May 3 22:52:10 EDT 1999
>Last-Modified:  Mon May  3 20:00:02 PDT 1999
>Originator:     G. Adam Stanislav
>Release:        FreeBSD 3.1-RELEASE i386
>Organization:
Whiz Kid Technomagic
>Environment:

FreeBSD 3.1-RELEASE, local console

>Description:

While only a superuser can execute the reboot command, any user can
accomplish the same thing by pressing ctl-alt-delete.

>How-To-Repeat:

Log on as an ordinary user and press ctl-alt-delete.

>Fix:
	
Unknown


>Release-Note:
>Audit-Trail:

From: Chris Costello <chris@holly.dyndns.org>
To: "G. Adam Stanislav" <adam@whizkidtech.net>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: misc/11475: Possible security hazard?
Date: Mon, 3 May 1999 20:31:40 -0500

 On Mon, May 3, 1999, G. Adam Stanislav wrote:
 > 
 > >Number:         11475
 > >Category:       misc
 > >Synopsis:       Any user can reboot
 > >Confidential:   no
 > >Severity:       non-critical
 > >Priority:       low
 > >Responsible:    freebsd-bugs
 > >State:          open
 > >Quarter:        
 > >Keywords:       
 > >Date-Required:
 > >Class:          sw-bug
 > >Submitter-Id:   current-users
 > >Arrival-Date:   Mon May  3 18:20:01 PDT 1999
 > >Closed-Date:
 > >Last-Modified:
 > >Originator:     G. Adam Stanislav
 > >Release:        FreeBSD 3.1-RELEASE i386
 > >Organization:
 > Whiz Kid Technomagic
 > >Environment:
 > 
 > FreeBSD 3.1-RELEASE, local console
 > 
 > >Description:
 > 
 > While only a superuser can execute the reboot command, any user can
 > accomplish the same thing by pressing ctl-alt-delete.
 
    *Sigh*, had you read the LINT kernel config or the man page:
 
 options         SC_DISABLE_REBOOT       # disable reboot key sequence
 
      syscons, sc - the console driver
 
 SYNOPSIS
      options "MAXCONS=N"
      options "SC_DISABLE_REBOOT"
               ^^^^^^^^^^^^^^^^^
 [...]
 
      SC_DISABLE_REBOOT
             This option disables the ``reboot'' key (by default, it is Ctl-
             Alt-Del ), so that the casual user may not accidentally reboot the
             system.
 
 
 
 > 
 > >How-To-Repeat:
 > 
 > Log on as an ordinary user and press ctl-alt-delete.
 > 
 > >Fix:
 > 	
 > Unknown
 > 
 > 
 > >Release-Note:
 > >Audit-Trail:
 > >Unformatted:
 > 
 > 
 > 
 
 -- 
 Chris Costello                                <chris@calldei.com>
 The next generation of computers will have a "Warranty Expired" interrupt.
 

From: Matthew Hunt <mph@astro.caltech.edu>
To: "G. Adam Stanislav" <adam@whizkidtech.net>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: misc/11475: Possible security hazard?
Date: Mon, 3 May 1999 18:33:07 -0700

 On Mon, May 03, 1999 at 08:10:05PM -0500, G. Adam Stanislav wrote:
 
 > While only a superuser can execute the reboot command, any user can
 > accomplish the same thing by pressing ctl-alt-delete.
 
 Not a bug.  A local user can also hit the reset button or kill
 the power or do pretty much anything else.  Physical security is
 your friend.  Don't let untrusted people hang out at the console.
 
 > >Fix:
 > 	
 > Unknown
 
 If you don't want this behavior, edit the keymap that you're
 using.  See (I think) /usr/share/syscons/keymaps/.  It is easily
 changed.
 
 -- 
 Matthew Hunt <mph@astro.caltech.edu> * UNIX is a lever for the
 http://www.pobox.com/~mph/           * intellect. -J.R. Mashey
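
Added example, not part of the original PR and not FreeBSD's own tooling: a small audit for the keymap edit suggested above. It lists every slot in a syscons keymap bound to the `boot` action and writes a copy with those slots set to `nop`. The function names and the sample keymap are constructed for illustration; the column order assumed is the syscons one (base, shift, ctrl, shift-ctrl, alt, shift-alt, ctrl-alt, shift-ctrl-alt, lock state).

```shell
#!/bin/sh
# Constructed excerpt in syscons keymap layout (not copied from a shipped file):
# scancode, eight action columns, lock-state flag.
sample_keymap() {
cat <<'EOF'
# scan  base   shift  cntrl  s-cntl alt    s-alt  a-cntl s-a-c  lock
  001   esc    esc    esc    esc    esc    esc    debug  esc     O
  057   ' '    ' '    nul    ' '    ' '    ' '    susp   ' '     O
  083   del    '.'    '.'    '.'    '.'    '.'    boot   boot    N
EOF
}

# Print "scancode modifier-column" for every slot bound to the reboot action.
keymap_boot_slots() {
    awk '
        BEGIN { split("base shift ctrl shift-ctrl alt shift-alt ctrl-alt shift-ctrl-alt", col, " ") }
        /^[ \t]*#/ { next }
        {
            gsub(/\047 \047/, "SPACE")   # a quoted space would otherwise split into two fields
            if (NF < 10) next
            for (i = 2; i <= 9; i++) if ($i == "boot") print $1, col[i - 1]
        }
    ' "$1"
}

# Emit the keymap with each "boot" action replaced by "nop"; width and comments preserved.
keymap_disable_boot() {
    awk '
        /^[ \t]*#/ { print; next }
        {
            while (match($0, /[ \t]boot[ \t]/))
                $0 = substr($0, 1, RSTART) "nop " substr($0, RSTART + 5)
            print
        }
    ' "$1"
}

# Demo: audit the sample, harden it, audit again.
tmp=$(mktemp)
sample_keymap > "$tmp"
echo "before: $(keymap_boot_slots "$tmp" | tr '\n' ';')"
keymap_disable_boot "$tmp" > "$tmp.nop"
echo "after:  $(keymap_boot_slots "$tmp.nop" | tr '\n' ';')"
rm -f "$tmp" "$tmp.nop"
```

The hardened file can then be loaded with `kbdcontrol -l`; an empty audit result on the loaded keymap confirms that no key combination is still bound to reboot.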
 
State-Changed-From-To: open->closed 
State-Changed-By: mph 
State-Changed-When: Mon May 3 22:52:10 EDT 1999 
State-Changed-Why:  
Not a bug; the ability to reboot using C-A-Delete can be disabled 
by at least two methods, described in replies to the PR. 

From: "G. Adam Stanislav" <adam@whizkidtech.net>
To: Matthew Hunt <mph@astro.caltech.edu>
Cc: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: Re: misc/11475: Possible security hazard?
Date: Mon, 3 May 1999 21:52:40 -0500

 On Mon, May 03, 1999 at 06:33:07PM -0700, Matthew Hunt wrote:
 > > While only a superuser can execute the reboot command, any user can
 > > accomplish the same thing by pressing ctl-alt-delete.
 > 
 > Not a bug.  A local user can also hit the reset button or kill
 > the power or do pretty much anything else.  Physical security is
 > your friend.  Don't let untrusted people hang out at the console.
 
 I think there is a difference: You can lock up the CPU, thus preventing
 access to the reset button and the plug, but you cannot lock up the console.
 If you are teaching people how to use computers in a class, they can press
 the ctl-alt-del combination because they do not know any better (especially
 if they come from Windows background), not because they are malicious or
 untrusted.
 
 > If you don't want this behavior, edit the keymap that you're
 > using.  See (I think) /usr/share/syscons/keymaps/.  It is easily
 > changed.
 
 OK, thanks. It is really not a problem for me, I simply noticed it, and was
 trying to be helpful by reporting it. I am glad to hear it can be changed. :-)
 I still think it would make sense if *by default* this were set up so it
 only works for the superuser and only available to the regular user if the
 administrator changes the defaults. Anyway, it's no big deal...
 
 Thanks,
 
 Adam
 

From: Matthew Hunt <mph@astro.caltech.edu>
To: "G. Adam Stanislav" <adam@whizkidtech.net>
Cc: FreeBSD-gnats-submit@freebsd.org
Subject: Re: misc/11475: Possible security hazard?
Date: Mon, 3 May 1999 19:58:58 -0700

 On Mon, May 03, 1999 at 09:52:40PM -0500, G. Adam Stanislav wrote:
 
 > I still think it would make sense if *by default* this were set up so it
 > only works for the superuser and only available to the regular user if the
 > administrator changes the defaults. Anyway, it's no big deal...
 
 I don't have much of an opinion on this issue.  I think that the
 default, as-is, is consistent with the notion that if you're going
 to allow users to sit at the console, you have to do some extra work
 (lock up the case, etc.) to make it more secure.  But you do have
 a valid point that a different default behavior could prevent
 accidental reboots.
 
 I closed the PR just before getting your email which clarified your
 position.  If you want it re-opened, let me know, but I'm too
 ambivalent to be the one who makes the change. :-)
 
 -- 
 Matthew Hunt <mph@astro.caltech.edu> * Inertia is a property
 http://www.pobox.com/~mph/           * of matter.
 
>Unformatted:
