Re: begone ctrlaltdel!
I changed my line to ca:12345:ctrlaltdel:/bin/echo "Won't work" (The line echo outputs is changed different, but means the same, it's dutch..) Ron Rademaker On Sun, 9 Jul 2000, Mike Werner wrote: > Bob Bernstein wrote: > > > I had in mind 'none' in the sense of "no one can use Ctrl-Alt-Del." Without > > the -a switch it's available to everyone. (Am I missing something here?) > > In other words you want to completely disable the Ctrl-Alt-Del combo? I'm > not sure if this would work, but perhaps changing: > > ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now > > to > > ca:12345:ctrlaltdel:/bin/false > > or something like that? Or perhaps replace /bin/false with the path to a > shell script that put saomething like: > Permission denied! Go away! > onto stdout. > -- > Mike Werner KA8YSD | "Where do you want to go today?" > | "As far from Redmond as possible!" > '91 GS500E| > Morgantown WV | Only dead fish go with the flow. > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null >
Re: begone ctrlaltdel!
On Sun, Jul 09, 2000 at 01:35:12PM -0800, Ethan Benson wrote: > (if you want to see something interesting though try this: fakeroot > /sbin/shutdown -r now) The hard drive spun, a beep was emitted, and the process ground to a stunning halt. I am deciphering the error messages now. All kidding aside, that is an educational exercise in the present context. > it is also debian policy that all binaries have 0755 permissions when > non-suid for the above reason, and suid binaries must have world read > permission at a minimum (no 4111 or 4711 type permissions) again for > the same reason, anyone can get and read the file out of a .deb. Thanks. Much light shed. This list is the *best*. -- Bob Bernstein | No country with a McDonald's outlet has at | ever gone to war with another. Esmond, R.I., USA | -- James Langton
Re: begone ctrlaltdel!
Bob Bernstein wrote: > I had in mind 'none' in the sense of "no one can use Ctrl-Alt-Del." Without > the -a switch it's available to everyone. (Am I missing something here?) In other words you want to completely disable the Ctrl-Alt-Del combo? I'm not sure if this would work, but perhaps changing: ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now to ca:12345:ctrlaltdel:/bin/false or something like that? Or perhaps replace /bin/false with the path to a shell script that put saomething like: Permission denied! Go away! onto stdout. -- Mike Werner KA8YSD | "Where do you want to go today?" | "As far from Redmond as possible!" '91 GS500E| Morgantown WV | Only dead fish go with the flow.
Re: begone ctrlaltdel!
Hi! On Sun, 09 Jul 2000, Bob Bernstein wrote: > I suppose the moral of the story is, "Don't leave root logins unattended." > (But wouldn't it be simpler to have, as a possible line in > /etc/shutdown.allow, "none"?) May I quote the man page[1]? [...] If shutdown is called with the -a argument (add this to the invocation of shutdown in /etc/inittab), it checks to see if the file /etc/shutdown.allow is present. It then compares the login names in that file with the list of people that are logged in on a virtual console (from /var/run/utmp). Only if one of those authorized users or root is logged in, it will proceed. [] So, why put none, or bin or anything it, if what counts is the mere existense of the file. And if root is logged in, shutdown always succeds. Just my EUR 0.0.2 yours, peter 1. Hehe, as if you could stop me :) -- PGP encrypted messages preferred. http://www.cosy.sbg.ac.at/~ppalfrad/ pgpDUyOqhlCBr.pgp Description: PGP signature
Re: begone ctrlaltdel!
On Sun, Jul 09, 2000 at 08:27:20PM +, Miquel van Smoorenburg wrote: > >Which brings me to ask, is there a reason shutdown > >has -rwxr-xr-x perms? > > Why not ? If you aren't root you can execute it but it won't > do anything useful.. Ummm...yup. And with that I have met my quota for dumb questions this week!! Thanks. -- Bob Bernstein | KILL THE BODY AND THE HEAD WILL DIE. at | -- Dr. Hunter S. Thompson Esmond, R.I., USA |
Re: begone ctrlaltdel!
On Sun, Jul 09, 2000 at 03:13:11PM -0400, Bob Bernstein wrote: > > I had in mind 'none' in the sense of "no one can use Ctrl-Alt-Del." Without > the -a switch it's available to everyone. (Am I missing something here?) you could put one of the system account names in /etc/shutdown.allow say bin who cannot login anyway. but if commenting out the inittab line is the same as disabling control-alt-delete that would work just as well. > Quite apart from all this, any user who knows the path '/sbin/shutdown' can > execute it, at least with the permissions shutdown has by default. > Eliminating this kind of possibility was the reason I started looking into > the ctrlaltdel business. Which brings me to ask, is there a reason shutdown > has -rwxr-xr-x perms? [EMAIL PROTECTED] eb]$ /sbin/shutdown -r now shutdown: must be root. [EMAIL PROTECTED] eb]$ so long as a program does not have any s bits set thier is no advanatage to restricting its permissions. afterall anyone can download the sysvinit .deb, extract the shutdown program and execute it with the same permission as my above example. (if you want to see something interesting though try this: fakeroot /sbin/shutdown -r now) the only time restricting program permissions is worthwhile is when there are s bits set or perhaps in the case of the compiler (which is more difficult to install into the users' userland.) for the compiler one should change permissions on /usr/lib/gcc as well. it is also debian policy that all binaries have 0755 permissions when non-suid for the above reason, and suid binaries must have world read permission at a minimum (no 4111 or 4711 type permissions) again for the same reason, anyone can get and read the file out of a .deb. -- Ethan Benson http://www.alaska.net/~erbenson/ pgplfGhCofY0j.pgp Description: PGP signature
Re: begone ctrlaltdel!
In article <[EMAIL PROTECTED]>, Bob Bernstein <[EMAIL PROTECTED]> wrote: >> >(But wouldn't it be simpler to have, as a possible line in >> >/etc/shutdown.allow, "none"?) >> >> Simply don't use the -a switch then. > >I had in mind 'none' in the sense of "no one can use Ctrl-Alt-Del." Without >the -a switch it's available to everyone. (Am I missing something here?) Ok, in that case, simply comment out the shutdown line in /etc/inittab >Quite apart from all this, any user who knows the path '/sbin/shutdown' can >execute it, at least with the permissions shutdown has by default. >Eliminating this kind of possibility was the reason I started looking into >the ctrlaltdel business. Which brings me to ask, is there a reason shutdown >has -rwxr-xr-x perms? Why not ? If you aren't root you can execute it but it won't do anything useful.. Mike.
Re: begone ctrlaltdel!
On Sun, Jul 09, 2000 at 05:45:42PM +, Miquel van Smoorenburg wrote: > But.. you have an open root shell! That someone presses ctrl-alt-del is > the least of your worries, they could simply enter "shutdown -r now". > Or "rm -rf /". Or "echo 'toor::0:0::/:" >> /etc/passwd. Or I guess I had in the mind a scenario wherein someone, apparently with their back to a terminal, could in about two seconds twist around, hit ctrlaltdel, and twist back with an innocent look on their face and their arms folded across their chest. The other commands, above, would take some time. > >I suppose the moral of the story is, "Don't leave root logins unattended." > >(But wouldn't it be simpler to have, as a possible line in > >/etc/shutdown.allow, "none"?) > > Simply don't use the -a switch then. I had in mind 'none' in the sense of "no one can use Ctrl-Alt-Del." Without the -a switch it's available to everyone. (Am I missing something here?) Quite apart from all this, any user who knows the path '/sbin/shutdown' can execute it, at least with the permissions shutdown has by default. Eliminating this kind of possibility was the reason I started looking into the ctrlaltdel business. Which brings me to ask, is there a reason shutdown has -rwxr-xr-x perms? -- Bob Bernstein | When you use some wickedly cool and at | obscure feature of the language, you Esmond, R.I., USA | reduce the number of potential readers | of your code. -- Paul Prescod
Re: begone ctrlaltdel!
In article <[EMAIL PROTECTED]>, Bob Bernstein <[EMAIL PROTECTED]> wrote: >I am finding the latter to be correct here. The '-a' arg to shutdown strikes >me as not very useful, since the presence of a root login will circumvent >whatever is in /etc/shutdown.allow. It would seem to me that it is precisely >_when_ root is logged in that an inadvertant or unauthorized ctrlaltdel >reboot would be most unwelcome. But.. you have an open root shell! That someone presses ctrl-alt-del is the least of your worries, they could simply enter "shutdown -r now". Or "rm -rf /". Or "echo 'toor::0:0::/:" >> /etc/passwd. Or >I suppose the moral of the story is, "Don't leave root logins unattended." >(But wouldn't it be simpler to have, as a possible line in >/etc/shutdown.allow, "none"?) Simply don't use the -a switch then. Mike.
Re: begone ctrlaltdel!
On Sun, Jul 09, 2000 at 01:33:42PM +0300, Lehel Bernadt wrote: > On 09-Jul-2000 Ethan Benson wrote: > > i am uncertain what control-alt-delete will do if you comment this > > out, it might revert to DOS/Windows behaviour of rebooting the machine > > uncleanly... > > No, it certainly won't. When this line is commented out, ctr-alt-del does > nothing. I am finding the latter to be correct here. The '-a' arg to shutdown strikes me as not very useful, since the presence of a root login will circumvent whatever is in /etc/shutdown.allow. It would seem to me that it is precisely _when_ root is logged in that an inadvertant or unauthorized ctrlaltdel reboot would be most unwelcome. I suppose the moral of the story is, "Don't leave root logins unattended." (But wouldn't it be simpler to have, as a possible line in /etc/shutdown.allow, "none"?) -- Bob Bernstein | As for systems that are not like Unix, at | such as MSDOS, Windows, the Macintosh, Esmond, R.I., USA | VMS, and MVS, supporting them is | usually so much work that it is better | if you don't.-- Richard | Stallman "GNU Coding Standards"
Re: begone ctrlaltdel!
Hi, actualy, it depends on how your distrib is configured: sometimes, it does nothing, sometimes, it reboots cleanly your computer. There's a file to change but I don't remember which one. "They were at the wrong place in the worng time. Naturally, they became heroes." Leia Organa of Aldoraan, senator. - Visit me: http://altern.org/neuromancien/mainpage.htm - Original Message - From: Lehel Bernadt <[EMAIL PROTECTED]> To: Sent: Sunday, July 09, 2000 12:33 PM Subject: Re: begone ctrlaltdel! > > On 09-Jul-2000 Ethan Benson wrote: > > On Sat, Jul 08, 2000 at 11:43:44PM -0400, Bob Bernstein wrote: > >> Suppose I want to dis-able the three fingered salute. Is it sufficient to > >> simply comment out this line in /etc/inittab: > >> > >> # What to do when CTRL-ALT-DEL is pressed. > >> ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now > > > > i am uncertain what control-alt-delete will do if you comment this > > out, it might revert to DOS/Windows behaviour of rebooting the machine > > uncleanly... > > No, it certainly won't. When this line is commented out, ctr-alt-del does > nothing. > > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null > >
Re: begone ctrlaltdel!
On 09-Jul-2000 Ethan Benson wrote: > On Sat, Jul 08, 2000 at 11:43:44PM -0400, Bob Bernstein wrote: >> Suppose I want to dis-able the three fingered salute. Is it sufficient to >> simply comment out this line in /etc/inittab: >> >> # What to do when CTRL-ALT-DEL is pressed. >> ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now > > i am uncertain what control-alt-delete will do if you comment this > out, it might revert to DOS/Windows behaviour of rebooting the machine > uncleanly... No, it certainly won't. When this line is commented out, ctr-alt-del does nothing.
Re: begone ctrlaltdel!
i like to remap ctrl-alt-del to go to runlevel 1, i set: ca:12345:ctrlaltdel:/sbin/init 1 i find it quite useful if something in startup hangs i can just go straight to runlevel 1 or if something crashes i can go there easily too, much faster then a reboot for me(it takes my machine a full 2 minutes from power on to stat to boot linux) nate On Sat, 8 Jul 2000, Bob Bernstein wrote: poobah >Suppose I want to dis-able the three fingered salute. Is it sufficient to poobah >simply comment out this line in /etc/inittab: poobah > poobah ># What to do when CTRL-ALT-DEL is pressed. poobah >ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now poobah > poobah >or should another command be substituted for /sbin/shutdown, and if so, which poobah >one? poobah > poobah > poobah >-- poobah >Bob Bernstein http://www.ruptured-duck.com poobah > poobah > poobah > poobah >-- poobah >Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null poobah > ::: http://www.aphroland.org/ http://www.linuxpowered.net/ [EMAIL PROTECTED] 1:35am up 29 days, 12:09, 1 user, load average: 0.02, 0.02, 0.00
Re: begone ctrlaltdel!
On Sat, Jul 08, 2000 at 11:43:44PM -0400, Bob Bernstein wrote: > Suppose I want to dis-able the three fingered salute. Is it sufficient to > simply comment out this line in /etc/inittab: > > # What to do when CTRL-ALT-DEL is pressed. > ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now i am uncertain what control-alt-delete will do if you comment this out, it might revert to DOS/Windows behaviour of rebooting the machine uncleanly... > or should another command be substituted for /sbin/shutdown, and if so, which > one? echo root > /etc/shutdown.allow and leave inittab alone. that way control-alt-delete will only work if root is logged into the console. (that is what the -a switch to shutdown does) -- Ethan Benson http://www.alaska.net/~erbenson/ pgp61B3ND8O5K.pgp Description: PGP signature
begone ctrlaltdel!
Suppose I want to dis-able the three fingered salute. Is it sufficient to simply comment out this line in /etc/inittab: # What to do when CTRL-ALT-DEL is pressed. ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now or should another command be substituted for /sbin/shutdown, and if so, which one? -- Bob Bernstein http://www.ruptured-duck.com