On Wed, 25.02.15 11:16, Chris Adams (linux@xxxxxxxxxxx) wrote: > Once upon a time, Lennart Poettering <mzerqung@xxxxxxxxxxx> said: > > We generally default "secure". The thing is that with sysrq you can > > kill arbitrary processes if you have acecss to the console, and other > > things, and that's just too security sensitive. > > There are other useful things, like sync, remount read-only, reboot, > poweroff, that we already allow console users to do other ways by > default. Allowing them to do them through SysRq seems like a good idea > IMHO. Hmm? Syncing is allowed to my knowledge. C-a-d and gdm allow a clean reboot/poweroff. But sysrq does an abnormal reboot/poweroff, which we cannot allow. Similar, remounting read-only is also security senstive, which we cannot allow. Without being logged in there's very little you can do on a host right now, and sysrq should not open up more there by default. Lennart -- Lennart Poettering, Red Hat -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
