Re: Why sysrq is limited to only "sync" command on official fedora kernel?

Am 25.02.2015 um 21:38 schrieb Zdenek Kabelac:
Dne 25.2.2015 v 18:44 Reindl Harald napsal(a):

Am 25.02.2015 um 18:37 schrieb Paul Wouters:
On Wed, 25 Feb 2015, Lennart Poettering wrote:

Hmm? Syncing is allowed to my knowledge. C-a-d and gdm allow a clean
reboot/poweroff. But sysrq does an abnormal reboot/poweroff, which we
cannot allow. Similar, remounting read-only is also security sensitive,
which we cannot allow.

Without being logged in there's very little you can do on a host right
now, and sysrq should not open up more there by default.

You must have forgotten your university days....

The alternative to not being able to sync-umount-boot using sysrq is to
flip the switch. I'd rather have them use sysrq.

I said it when they closed X ctrl-alt-backspace and I'll say it now.
When you are on console with the power plug, preventing these actions
is stupid

when you are on a machine where you have physical only keyboard and
mouse it is not - not every PC stands in front of your face - think
about kiosk mode and so on...

When I read such answers - I always wonder myself - how many kiosk ever
run Fedora...

It's such a bad idea to optimize Fedora for one-in-million users and
those 999.999 have to suffer instead of require 1 guy to configure more
secure version

you can be sure that the need for sysrq is the one-in-million users just because i am a *heavy user* with a lot of setups and used it 4 times in the past 12 years while restricted it to "kernel.sysrq = 20" long before the systemd change

it's such a bad idea to *not* optimize out-of-the box for security

the ones which don't care can disable it, most won't care, nor have a need nor do they even know about a lot of things - these users are also not in the position to fix bad security defaults because they have no idea about it

Attachment: signature.asc
Description: OpenPGP digital signature
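
Added example, not part of the thread or of any Fedora or systemd code: a small audit of a `kernel.sysrq` setting that resolves the effective value from sysctl-style text and reports whether the functions the thread calls security sensitive (remount read-only, reboot/poweroff) are enabled. The bit meanings are taken from the kernel's SysRq documentation; the function names and the sample configuration are assumptions constructed for illustration.

```python
# Added example: audit a kernel.sysrq setting. Bit meanings are from the
# kernel's sysrq documentation; SAMPLE_CONF is constructed for illustration.
SYSRQ_BITS = {
    2: "console log level",
    4: "keyboard control (SAK, unraw)",
    8: "debugging dumps of processes",
    16: "sync",
    32: "remount read-only",
    64: "signalling of processes (term, kill, oom-kill)",
    128: "reboot/poweroff",
    256: "nicing of all RT tasks",
}
# Functions the thread names as security sensitive without a login.
SENSITIVE_BITS = (32, 128)

SAMPLE_CONF = """\
# constructed sysctl.d-style fragments, concatenated in load order
kernel.sysrq = 16
; local override, the value quoted in the message above
kernel.sysrq = 20
"""

def effective_sysrq(conf_text, default=None):
    """Return the last kernel.sysrq value set in sysctl.conf-style text."""
    value = default
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # skip blank lines and comments
        key, sep, val = line.partition("=")
        if sep and key.strip().lstrip("-") == "kernel.sysrq":
            value = int(val.strip())  # later assignments override earlier ones
    return value

def _mask(value):
    # 0 disables SysRq, 1 enables every function, anything else is a bitmask.
    return sum(SYSRQ_BITS) if value == 1 else value

def enabled_functions(value):
    return [name for bit, name in SYSRQ_BITS.items() if _mask(value) & bit]

def sensitive_enabled(value):
    return [SYSRQ_BITS[b] for b in SENSITIVE_BITS if _mask(value) & b]

if __name__ == "__main__":
    v = effective_sysrq(SAMPLE_CONF)
    print(v, enabled_functions(v), sensitive_enabled(v) or "no sensitive functions")
```

On a live system the value to pass in is the integer read from `/proc/sys/kernel/sysrq`.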

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
