SysRq should be limited by default like openSUSE
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | Baltix |
Undecided
|
Unassigned | ||
| | linux (Ubuntu) |
Undecided
|
Unassigned | ||
| | procps (Ubuntu) |
Medium
|
Unassigned | ||
Bug Description
Description of the problem:
By default SysRq is enabled by default on Ubuntu desktop systems which is invaluable when a system has locked up and you want to stop it as gently as possible or debug the issue. However many people are surprised that you can also ask it to dump the contents of current memory to the console (or dmesg) albeit only from the keyboard.
openSUSE sets a default bitmask of 176 on its SysRq that by default restricts you to sync, reboot and "remount read-only". This stops people using sysrq by default to inspect memory which sounds sensible.
| Sitsofe Wheeler (sitsofe) wrote : | #1 |
| Leann Ogasawara (leannogasawara) wrote : | #2 |
[This is an automated message. Apologies if it has reached you inappropriately.]
This bug was reported against the linux-meta package when it likely should have been reported against the linux package instead. We are automatically transitioning this to the linux kernel package so that the appropriate teams are notified and made aware of this issue. Thanks.
| affects: | linux-meta (Ubuntu) → linux (Ubuntu) |
| kernel-janitor (kernel-janitor) wrote : | #3 |
Hi sitsofe,
Please be sure to confirm this issue exists with the latest development release of Ubuntu. ISO CD images are available from http://
apport-collect -p linux-image-`uname -r` 194676
Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https:/
Thanks in advance.
[This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]
| tags: | added: needs-kernel-logs |
| tags: | added: needs-upstream-testing |
| tags: | added: kj-triage |
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
| Sitsofe Wheeler (sitsofe) wrote : | #4 |
Still here in Karmic:
Version information:
Ubuntu 9.10 (karmic)
linux-generic-pae 2.6.31.14.27
| tags: | removed: needs-kernel-logs needs-upstream-testing |
| Changed in linux (Ubuntu): | |
| status: | Incomplete → New |
| Charlie Kravetz (charlie-tca) wrote : | #5 |
Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue that you reported is one that should be reproducible with the live environment of the Desktop CD of the development release - Natty Narwhal. It would help us greatly if you could test with it so we can work on getting it fixed in the next release of Ubuntu. You can find out more about the development release at http://
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
| Launchpad Janitor (janitor) wrote : | #6 |
[Expired for linux (Ubuntu) because there has been no activity for 60 days.]
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Expired |
| Sitsofe Wheeler (sitsofe) wrote : | #7 |
Still here Natty.
Version information:
Ubuntu 11.04 (natty)
Steps to reproduce:
1. Start Ubuntu.
2. Press ctrl-alt-f2.
3. Press Alt-Sysrq-9.
4. Press Alt-Sysrq-p
Expected results:
Nothing to happen.
Actual results:
Current kernel stack trace and register information is printed to the screen.
If you are a bug helper about to mark this bug incomplete please can you try these steps - they are relatively quick to do and should work on all systems with a display. Thank you!
| Changed in linux (Ubuntu): | |
| status: | Expired → New |
This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:
apport-collect 194676
and then change the status of the bug to 'Confirmed'.
If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.
This change has been made by an automated script, maintained by the Ubuntu Kernel Team.
| Changed in linux (Ubuntu): | |
| status: | New → Incomplete |
| Charlie Kravetz (charlie-tca) wrote : | #9 |
Reset to "Confirmed". This bug report does not require any logs. It is explained in the original report.
| Changed in linux (Ubuntu): | |
| status: | Incomplete → Confirmed |
| importance: | Undecided → Low |
| Matt Taggart (taggart) wrote : | #10 |
This is a security issue as someone can use sysrq to disable screen locking and cause other problems.
Debian uses "438" by default in squeeze and newer. Here are some relevant bugs,
http://
http://
The bitmask description documented at
https:/
| Steve Langasek (vorlon) wrote : | #11 |
As Matt points out, SysRq+F seems to allow a user to kill processes they shouldn't be able to, including (possibly) the screensaver. So yeah, I'd say this default is a security problem.
| security vulnerability: | no → yes |
| Changed in linux (Ubuntu): | |
| importance: | Low → Medium |
| Changed in linux (Ubuntu): | |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| Changed in procps (Ubuntu): | |
| status: | New → Confirmed |
| assignee: | nobody → Marc Deslauriers (mdeslaur) |
| Changed in linux (Ubuntu): | |
| status: | Confirmed → Invalid |
| assignee: | Marc Deslauriers (mdeslaur) → nobody |
| Changed in procps (Ubuntu): | |
| importance: | Undecided → Medium |
| Changed in linux (Ubuntu): | |
| importance: | Medium → Undecided |
| Marc Deslauriers (mdeslaur) wrote : | #12 |
This is fixed in quantal now.
| Changed in procps (Ubuntu): | |
| status: | Confirmed → Fix Released |
| assignee: | Marc Deslauriers (mdeslaur) → nobody |
Still here in Hardy.
Version information:
Ubuntu hardy (development branch)
linux-image-