[systemd-devel] [PATCH] Split sysctl 50-default.conf setting file
Kay Sievers
kay at vrfy.org
Mon Dec 2 16:05:28 PST 2013
On Tue, Dec 3, 2013 at 12:55 AM, Mantas Mikulėnas <grawity at gmail.com> wrote:
>
> On Dec 3, 2013 1:51 AM, "Tom Gundersen" <teg at jklm.no> wrote:
>>
>> On Tue, Dec 3, 2013 at 12:04 AM, Kay Sievers <kay at vrfy.org> wrote:
>> > On Mon, Dec 2, 2013 at 11:52 PM, Goffredo Baroncelli
>> > <kreijack at libero.it> wrote:
>> >
>> >> I have ne question: what happens if a sysctl setting is in more than
>> >> one file ? systemd-sysctl is smart enough to write the last value or
>> >> perform several writes ?
>> >
>> > One write only, it logs at "info" level about overwritten values.
>> >
>> >>> Kay explained in IRC that we do not allow such actions, because access
>> >>> to
>> >>> the keyboad doesn't mean full access to the machine, and we default to
>> >>> safe
>> >>> settings. Allowing the reboot though logind is different, because the
>> >>> user
>> >>> must authenticate first to open a session.
>> >>
>> >> Sorry, but I cannot agree: from a theoretical point of view Kay has
>> >> reason. However who has access to the keyboard and not to the "power
>> >> switch" ? If I want to switch the PC and the software cannot allow it,
>> >> I
>> >> unplug the main power...
>> >
>> > The keyboard is surely not the computer itself, the wires or the reset
>> > or power button. Login prompts must not have the ability to trigger
>> > unsafe options with the keyboard alone.
>>
>> It is useful to imagine an internet cafe, a library, or a school,
>> where the user may only have physical access to the keyboard, and not
>> the machine itself.
>
> But logind needs to be reconfigured anyway to disallow reboots in this
> situation, so why would sysctl be different?
No, logind requires an active session of a locally logged-in user.
That is safe enough for a default.
A login prompt only should not be able to do that.
> Also Ctrl-Alt-Del and/or the login manager's Reboot option.
This will go away with when we move to systemd-consoled from kernel
VTs, it can do the same logic as logind.
Kay
More information about the systemd-devel
mailing list