Enable SysRq?

Chris Adams cmadams at hiwaay.net
Mon Mar 30 20:33:06 UTC 2009


Once upon a time, Bill Nottingham <notting at redhat.com> said:
> If you're honestly arguing that the ability to set the clock equates
> to the ability to kill all processes except init, or the ability to
> immediately reboot the box, then I can see why this thread devolves
> into 200-message madness so quickly.

I'm not saying they are the same.  However, in the Bugzilla ticket for
the clock-applet, the argument was:

   Sorry but all these "security" concerns are completely bullshit since
   this scenario only applies to users logged in at the _local_ console.
   By design, the OS trusts users at the local console. The user might
   as well just use an axe to destroy the machine or boot into single
   user mode and do whatever the hell he wants.

Also, the clock applet isn't the only thing with this security mindset.
The GNOME process app allows users to raise process priority (which is
usually reserved for root).

I'm just saying if "the OS trusts users at the local console" is the
Fedora design, then apply it equally.  The defaults should reflect that
design across the board, and they should be documented somewhere so
people that don't want to trust the console user can adjust them.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.




More information about the fedora-devel-list mailing list