On Tue, Sep 18, 2007 at 06:05:05PM -0400, Ralph Katz wrote: > On 09/18/2007 05:17 PM, David Brodbeck wrote: > > > > On Sep 18, 2007, at 11:19 AM, Ralph Katz wrote: > >> This is a local vulnerability, yes. No worse than pulling the plug. Of > >> course that IS the problem. Only keyboard access is needed for this. > >> > >> To test, I booted a second etch computer which comes up to a gnome > >> desktop, and hit alt-sysrq-i. The display shows a nasty pink colored > >> image... Next was to hit alt-sysrq-b which must be the linux 3-finger > >> salute known to windows people. > > > > Hmm. I see what you're getting at, but is this really any worse than > > the default ctrl-alt-del behavior? (Or is there a security warning > > about that, too?) > > > > Frankly, if someone has physical access, a reboot is just about the > > least of your worries. It's pretty trivial for them to gain root access > > if they have physical access to the hardware. > > It is worse precisely because it's undocumented. The default > ctrl-alt-del behavior is documented, so not an issue. > > One might ask whether the default ON for sysrq is appropriate for > Stable. While I don't think it is, my bigger problem is with the > absence of warnings or user documentation. This is critical for a > distro that cares about its users which is why I filed bug 442512. > Perhaps this is more an issue to me as a non-programmer... > your point is that an undocumented method of rebooting the computer is a security issue not because of the rebooting but because of the lack of documentation of a method of rebooting. I agree. you are right to report this. I'm not sure how I feel about sysrq being on or off by default, but documenting its existence is vastly more important than its default configuration. A
Attachment:
signature.asc
Description: Digital signature