| 1 |
Philip Webb <purslow@××××××××.net> writes: |
| 2 |
|
| 3 |
> 150322 Peter Humphrey wrote: |
| 4 |
>> On Sunday 22 March 2015 13:04:44 Nikos Chantziaras wrote: |
| 5 |
>>>> I can reboot the system when I am a user by Ctrl+Alt+Delete. |
| 6 |
>>>> The user can reboot the system, but can't shut down ? Strange |
| 7 |
>>> The thinking is that you can unplug the machine |
| 8 |
>>> or press the hardware reset or power button or flip the PSU switch ... |
| 9 |
>>> Preventing a ctrl+alt+del reboot does not add anything to security. |
| 10 |
>>> Security doesn't apply to users with physical access to the machine. |
| 11 |
>>> However, this is just a default. You can easily disable reboot |
| 12 |
>>> on ctrl+alt+del by editing /etc/inittab and commenting-out this line: |
| 13 |
>>> ca:12345:ctrlaltdel:/sbin/shutdown -r now |
| 14 |
> |
| 15 |
> Testing my single-user box with the above line in inittab , |
| 16 |
> I find that if I enter 'A-^Del' , I exit X to the raw terminal ; |
| 17 |
|
| 18 |
That's usually Ctrl+Alt+Backspace. I had to turn that off with 'Option |
| 19 |
"DontZap" "true"' in the server section of xorg.conf because I somehow |
| 20 |
happen to press that accidentally about once a month :/ |
| 21 |
|
| 22 |
> The 1st effect is explained in ~/.fluxbox/keys by |
| 23 |
> # exit fluxbox |
| 24 |
> Control Mod1 Delete :Exit |
| 25 |
|
| 26 |
So whatever handles keyboard inputs with the X server even intercepts |
| 27 |
Ctrl+Alt+Del? |
| 28 |
|
| 29 |
Does fluxbox quit all programs nicely before it exits? |
| 30 |
|
| 31 |
> However, the 2nd effect is not explained so easily : |
| 32 |
> 'A-^Del' reboots when entered at a raw terminal, |
| 33 |
> but 'shutdown -r now' does not, yet the former is defined as the latter |
| 34 |
> by the line above in my /etc/inittab . |
| 35 |
> |
| 36 |
> The cause seems to be that 'A-^Del' is intercepted by 'init' (Process 1), |
| 37 |
> which is owned by root, but 'shutdown -r now' is heard by Process 910 |
| 38 |
> -- 'bash' running in the raw terminal, which was started by 'init' -- , |
| 39 |
> which is owned by my user. |
| 40 |
> |
| 41 |
> So the behaviour is explained, but following my earlier msg, |
| 42 |
> which advised to follow proper Unix principles, |
| 43 |
> I should comment the 'A-^Del' line in inittab : |
| 44 |
> if the raw terminal can't react to 'su', it won't react to 'A-^Del' either, |
| 45 |
> so there's no justification in terms of escaping from an emergency. |
| 46 |
|
| 47 |
What happens when you comment out the entry in inittab and someone |
| 48 |
presses Ctrl+Alt+Del? Nothing? |
| 49 |
|
| 50 |
>>> pressing the reset button is far worse, since there's no clean shutdown, |
| 51 |
>>> unmounting filesystems after flushing caches, etc. |
| 52 |
> |
| 53 |
> Yes : that's forced only when the keyboard ceases to respond. |
| 54 |
> |
| 55 |
>>> Because of that, the default of allowing ctrl+alt+del for local users |
| 56 |
>>> makes more sense than disabling it. |
| 57 |
> |
| 58 |
> That doesn't follow : if you have multiple users, |
| 59 |
> you don't want some rogue user rebooting randomly ; |
| 60 |
> it makes sense only as a convenience on a single-user system. |
| 61 |
> It seems to be the default behaviour of 'inittab' |
| 62 |
> -- there no comment saying I set it myself, which I would have added -- , |
| 63 |
> which is not appropriate for Gentoo systems in general, |
| 64 |
> some of which are undoubtedly multi-user. |
| 65 |
|
| 66 |
Undefined behaviour as the default also isn't ideal, and I agree that |
| 67 |
"nothing happens" would be much better: |
| 68 |
|
| 69 |
What's the last time you pressed Ctrl+Alt+Del and it actually worked? |
| 70 |
It's a legacy thing from times when freezes/crashes were common and when |
| 71 |
it did work and was useful. |
| 72 |
|
| 73 |
Nowadays, when you're pressing it, usually nothing happens anyway |
| 74 |
because the machine is down to where you have to press the reset button |
| 75 |
or to turn off the power (if you can't log in with ssh). When the |
| 76 |
machine still works, Ctrl+Alt+Del also works, which means that the |
| 77 |
default does nothing but create a security hole. |
| 78 |
|
| 79 |
So how can we have this default changed? |
| 80 |
|
| 81 |
|
| 82 |
-- |
| 83 |
Again we must be afraid of speaking of daemons for fear that daemons |
| 84 |
might swallow us. Finally, this fear has become reasonable. |
Archives