[PATCH] sysrq: Allow access to sensitive keys to be restricted bydefault

From: Ben Hutchings
Date: Sun Sep 29 2013 - 21:31:18 EST

From: Bastian Blank <waldi@xxxxxxxxxx>

Add a Kconfig variable to set the initial value of the Magic SysRq mask
(sysctl: kernel.sysrq).

Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
This has been in Debian for a while, but should probably be signed-off
by Bastian as well.

Debian sets this to 0x01b6, which excludes.

8 - enable debugging dumps of processes etc.
64 - enable signalling of processes (term, kill, oom-kill)


--- a/include/linux/sysrq.h
+++ b/include/linux/sysrq.h
@@ -18,7 +18,7 @@
#include <linux/types.h>

/* Enable/disable SYSRQ support by default (0==no, 1==yes). */

/* Possible values of bitmask for enabling sysrq functions */
/* 0x0001 is reserved for enable everything */
--- a/lib/Kconfig.debug
+++ b/lib/Kconfig.debug
@@ -312,6 +312,14 @@ config MAGIC_SYSRQ
keys are documented in <file:Documentation/sysrq.txt>. Don't say Y
unless you really know what this hack does.

+ hex "Default mask for Magic SysRq keys on the console"
+ depends on MAGIC_SYSRQ
+ default 1
+ help
+ Specifies the default mask for the allowed SysRq keys. This can be
+ used to disable several sensitive keys by default.
bool "Kernel debugging"

Ben Hutchings
Life is like a sewer:
what you get out of it depends on what you put into it.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/