Re: [PATCH] More secure SYSRQ for xtables-addons

On Tuesday 2008-12-02 02:39, Patrick McHardy wrote:
>> 
>> I want to be able to use SYSRQ to reboot, crash or partially diagnose
>> machines that become unresponsive for one reason or another.   These
>> machines, typically, are blades or rack mounted machines that do not have a
>> PS/2 connection for a keyboard and the old method of wheeling round a "crash
>> trolley" that has a monitor and a keyboard on it no longer works:  USB
>> keyboards rarely, if ever, work because by the time the machine is responding
>> only to a ping, udev is incapable of setting up a new
>> keyboard.
>
> This module is starting to look kind of useful. Maybe it's time for
> a resubmission for review and possibly merging once these patches
> are included.
>
> If we were to merge it, it would also be good to get some feedback
> from the crypto guys about whether the chosen authentication scheme
> meets its claims.
>
It looks similar to RFC 2617 HA1 generation. Should be ok.
In paranoia mode, the administrator can always change the
password after using it (effectively making it some sort of OTP).

On the other hand, xt_SYSRQ could, theoretically, also do a full
three-way authentication instead of the SPA it currently does. But I
think that is a bit of overkill.