In the not-too distant past, one could disable Ctl-Alt-DEL.
Can't do it anymore.
Script started on Thu 07 Apr 2005 10:58:11 AM EDT
[SNIPPED leading stuff...]
mprotect(0xb7fe4000, 28672, PROT_READ|PROT_EXEC) = 0
brk(0) = 0x804a000
brk(0x8053000) = 0x8053000
reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_CAD_OFF) = 0
pause( <unfinished ...>
_exit(0) = ?
# exit
Script done on Thu 07 Apr 2005 10:58:21 AM EDT
Observe that reboot() returns 0 and `strace` understands what
parameters were passed. The result is that, if I hit Ctl-Alt-Del,
`init` will still execute the shutdown-order (INIT 0).
A side note, while researching this problem, I think I found
that LINUX_REBOOT_MAGIC2 is Linus' birthday (in hex). Maybe
the problem is that he no longer observes his birthday?
Cheers,
Dick Johnson
Penguin : Linux version 2.6.11 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.
On Thu, 7 Apr 2005 11:16:14 -0400 (EDT) Richard B. Johnson wrote:
|
| In the not-too distant past, one could disable Ctl-Alt-DEL.
| Can't do it anymore.
What should disabling C_A_D do?
| Script started on Thu 07 Apr 2005 10:58:11 AM EDT
| [SNIPPED leading stuff...]
|
| mprotect(0xb7fe4000, 28672, PROT_READ|PROT_EXEC) = 0
| brk(0) = 0x804a000
| brk(0x8053000) = 0x8053000
| reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_CAD_OFF) = 0
| pause( <unfinished ...>
| _exit(0) = ?
| # exit
| Script done on Thu 07 Apr 2005 10:58:21 AM EDT
What program is that? I'm just echoing 0 | 1 into
/proc/sys/kernel/ctrl-alt-del , is that equivalent?
or have you tried that?
| Observe that reboot() returns 0 and `strace` understands what
| parameters were passed. The result is that, if I hit Ctl-Alt-Del,
| `init` will still execute the shutdown-order (INIT 0).
echo 0 > /proc/sys/kernel/ctrl-alt-del
is same as CAD_OFF
echo 1
is same as CAD_ON
I tested 2.4.28, 2.6.3, 2.6.9, 2.6.11, and all of them behaved
the same way for me. If it's an issue with using a syscall
to change the setting, I'll be glad to look into that too.
observed behaviors:
CAD enabled + C_A_D keys => call machine_reboot()
to reboot quickly, no normal shutdown sequence;
CAD disabled + C_A_D keys => kill init, go thru normal
clean shutdown sequence;
are these the expected behaviors?
| A side note, while researching this problem, I think I found
| that LINUX_REBOOT_MAGIC2 is Linus' birthday (in hex). Maybe
| the problem is that he no longer observes his birthday?
---
~Randy
On Thu, 7 Apr 2005, Randy.Dunlap wrote:
> On Thu, 7 Apr 2005 11:16:14 -0400 (EDT) Richard B. Johnson wrote:
>
> |
> | In the not-too distant past, one could disable Ctl-Alt-DEL.
> | Can't do it anymore.
>
> What should disabling C_A_D do?
>
> | Script started on Thu 07 Apr 2005 10:58:11 AM EDT
> | [SNIPPED leading stuff...]
> |
> | mprotect(0xb7fe4000, 28672, PROT_READ|PROT_EXEC) = 0
> | brk(0) = 0x804a000
> | brk(0x8053000) = 0x8053000
> | reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_CAD_OFF)
> = 0
> | pause( <unfinished ...>
> | _exit(0) = ?
> | # exit
> | Script done on Thu 07 Apr 2005 10:58:21 AM EDT
>
It's a program that executes the __NR_reboot syscall (88) after
putting the documented values into the appropriate registers.
> What program is that? I'm just echoing 0 | 1 into
> /proc/sys/kernel/ctrl-alt-del , is that equivalent?
> or have you tried that?
>
Doesn't matter. Many embedded systems don't have /proc because
they don't have any file-systems.
> | Observe that reboot() returns 0 and `strace` understands what
> | parameters were passed. The result is that, if I hit Ctl-Alt-Del,
> | `init` will still execute the shutdown-order (INIT 0).
>
> echo 0 > /proc/sys/kernel/ctrl-alt-del
> is same as CAD_OFF
> echo 1
> is same as CAD_ON
>
> I tested 2.4.28, 2.6.3, 2.6.9, 2.6.11, and all of them behaved
> the same way for me. If it's an issue with using a syscall
> to change the setting, I'll be glad to look into that too.
>
> observed behaviors:
> CAD enabled + C_A_D keys => call machine_reboot()
> to reboot quickly, no normal shutdown sequence;
> CAD disabled + C_A_D keys => kill init, go thru normal
> clean shutdown sequence;
> are these the expected behaviors?
The expected behavior of the reported operation is for
Ctl-Alt-Del to no longer do anything. If the system-call
has been depreciated, then the call should return -1 and
errno should be ENOSYS. In such a case, I would have
to trap the key-sequence in some other way, not that
I know how without modifying the kernel.
>
> | A side note, while researching this problem, I think I found
> | that LINUX_REBOOT_MAGIC2 is Linus' birthday (in hex). Maybe
> | the problem is that he no longer observes his birthday?
>
> ---
> ~Randy
>
Cheers,
Dick Johnson
Penguin : Linux version 2.6.11 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.
On Thu, 7 Apr 2005 15:46:20 -0400 (EDT) Richard B. Johnson wrote:
| On Thu, 7 Apr 2005, Randy.Dunlap wrote:
|
| > On Thu, 7 Apr 2005 11:16:14 -0400 (EDT) Richard B. Johnson wrote:
| >
| > |
| > | In the not-too distant past, one could disable Ctl-Alt-DEL.
| > | Can't do it anymore.
| >
| > What should disabling C_A_D do?
| >
| > | Script started on Thu 07 Apr 2005 10:58:11 AM EDT
| > | [SNIPPED leading stuff...]
| > |
| > | mprotect(0xb7fe4000, 28672, PROT_READ|PROT_EXEC) = 0
| > | brk(0) = 0x804a000
| > | brk(0x8053000) = 0x8053000
| > | reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_CAD_OFF)
| > = 0
| > | pause( <unfinished ...>
| > | _exit(0) = ?
| > | # exit
| > | Script done on Thu 07 Apr 2005 10:58:21 AM EDT
| >
|
| It's a program that executes the __NR_reboot syscall (88) after
| putting the documented values into the appropriate registers.
Yeah, I understood that much. Just wondering if it was
available somewhere...
| > What program is that? I'm just echoing 0 | 1 into
| > /proc/sys/kernel/ctrl-alt-del , is that equivalent?
| > or have you tried that?
| >
|
| Doesn't matter. Many embedded systems don't have /proc because
| they don't have any file-systems.
It matters if they are equivalent (and I don't have that
program above).
| > | Observe that reboot() returns 0 and `strace` understands what
| > | parameters were passed. The result is that, if I hit Ctl-Alt-Del,
| > | `init` will still execute the shutdown-order (INIT 0).
| >
| > echo 0 > /proc/sys/kernel/ctrl-alt-del
| > is same as CAD_OFF
| > echo 1
| > is same as CAD_ON
| >
| > I tested 2.4.28, 2.6.3, 2.6.9, 2.6.11, and all of them behaved
| > the same way for me. If it's an issue with using a syscall
| > to change the setting, I'll be glad to look into that too.
| >
| > observed behaviors:
| > CAD enabled + C_A_D keys => call machine_reboot()
| > to reboot quickly, no normal shutdown sequence;
| > CAD disabled + C_A_D keys => kill init, go thru normal
| > clean shutdown sequence;
| > are these the expected behaviors?
|
| The expected behavior of the reported operation is for
| Ctl-Alt-Del to no longer do anything. If the system-call
| has been depreciated, then the call should return -1 and
| errno should be ENOSYS. In such a case, I would have
| to trap the key-sequence in some other way, not that
| I know how without modifying the kernel.
Have you looked at 'man 2 reboot'? It seems to agree with
the observed behavior (above).
or where should I look to find documentation of the
expected behavior that you described?
---
~Randy
On Thu, Apr 07, 2005 at 11:16:14AM -0400, Richard B. Johnson wrote:
> In the not-too distant past, one could disable Ctl-Alt-DEL.
> Can't do it anymore.
...
> Observe that reboot() returns 0 and `strace` understands what
> parameters were passed. The result is that, if I hit Ctl-Alt-Del,
> `init` will still execute the shutdown-order (INIT 0).
Actually, if CAD is enabled in the kernel, it will just reboot.
If CAD is disabled in the kernel a SIGINT is sent to pid 1 (/sbin/init).
So what you probably had in the not-too-distant past was a disabled CAD
in the kernel _and_ you had modified the following line in /etc/inittab,
# What to do when CTRL-ALT-DEL is pressed.
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
AFAIK this hasn't ever really changed.
Jan
On Thu, 7 Apr 2005, Randy.Dunlap wrote:
> On Thu, 7 Apr 2005 15:46:20 -0400 (EDT) Richard B. Johnson wrote:
>
> | On Thu, 7 Apr 2005, Randy.Dunlap wrote:
> |
> | > On Thu, 7 Apr 2005 11:16:14 -0400 (EDT) Richard B. Johnson wrote:
> | >
> | > |
> | > | In the not-too distant past, one could disable Ctl-Alt-DEL.
> | > | Can't do it anymore.
> | >
> | > What should disabling C_A_D do?
> | >
> | > | Script started on Thu 07 Apr 2005 10:58:11 AM EDT
> | > | [SNIPPED leading stuff...]
> | > |
> | > | mprotect(0xb7fe4000, 28672, PROT_READ|PROT_EXEC) = 0
> | > | brk(0) = 0x804a000
> | > | brk(0x8053000) = 0x8053000
> | > | reboot(LINUX_REBOOT_MAGIC1, LINUX_REBOOT_MAGIC2, LINUX_REBOOT_CMD_CAD_OFF)
> | > = 0
> | > | pause( <unfinished ...>
> | > | _exit(0) = ?
> | > | # exit
> | > | Script done on Thu 07 Apr 2005 10:58:21 AM EDT
> | >
> |
> | It's a program that executes the __NR_reboot syscall (88) after
> | putting the documented values into the appropriate registers.
>
> Yeah, I understood that much. Just wondering if it was
> available somewhere...
>
> | > What program is that? I'm just echoing 0 | 1 into
> | > /proc/sys/kernel/ctrl-alt-del , is that equivalent?
> | > or have you tried that?
> | >
> |
> | Doesn't matter. Many embedded systems don't have /proc because
> | they don't have any file-systems.
>
> It matters if they are equivalent (and I don't have that
> program above).
>
> | > | Observe that reboot() returns 0 and `strace` understands what
> | > | parameters were passed. The result is that, if I hit Ctl-Alt-Del,
> | > | `init` will still execute the shutdown-order (INIT 0).
> | >
> | > echo 0 > /proc/sys/kernel/ctrl-alt-del
> | > is same as CAD_OFF
> | > echo 1
> | > is same as CAD_ON
> | >
> | > I tested 2.4.28, 2.6.3, 2.6.9, 2.6.11, and all of them behaved
> | > the same way for me. If it's an issue with using a syscall
> | > to change the setting, I'll be glad to look into that too.
> | >
> | > observed behaviors:
> | > CAD enabled + C_A_D keys => call machine_reboot()
> | > to reboot quickly, no normal shutdown sequence;
> | > CAD disabled + C_A_D keys => kill init, go thru normal
> | > clean shutdown sequence;
> | > are these the expected behaviors?
> |
> | The expected behavior of the reported operation is for
> | Ctl-Alt-Del to no longer do anything. If the system-call
> | has been depreciated, then the call should return -1 and
> | errno should be ENOSYS. In such a case, I would have
> | to trap the key-sequence in some other way, not that
> | I know how without modifying the kernel.
>
> Have you looked at 'man 2 reboot'? It seems to agree with
> the observed behavior (above).
> or where should I look to find documentation of the
> expected behavior that you described?
>
man 2 reboot on my system documents the system call interface
through the C runtime library.
Bbuuutttt then tells how glib-C munged it into a one-parameter
'C' call. Hmmm. Maybe it's screwing me. I will check into
this. I don't know why `strace` shows the correct stuff when
I am making the 4-parameter call. Maybe something is really
confused....
Cheers,
Dick Johnson
Penguin : Linux version 2.6.11 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.
On Thu, 7 Apr 2005, Jan Harkes wrote:
> On Thu, Apr 07, 2005 at 11:16:14AM -0400, Richard B. Johnson wrote:
>> In the not-too distant past, one could disable Ctl-Alt-DEL.
>> Can't do it anymore.
> ...
>> Observe that reboot() returns 0 and `strace` understands what
>> parameters were passed. The result is that, if I hit Ctl-Alt-Del,
>> `init` will still execute the shutdown-order (INIT 0).
>
> Actually, if CAD is enabled in the kernel, it will just reboot.
> If CAD is disabled in the kernel a SIGINT is sent to pid 1 (/sbin/init).
>
No, that's not how it ever worked. There are parameters that are
available in the reboot-system call that define the operation that
will occur when the 3-finger salute occurs.
Execute man 2 reboot.
> So what you probably had in the not-too-distant past was a disabled CAD
> in the kernel _and_ you had modified the following line in /etc/inittab,
>
The systems to which I refer do not, and never even had a file-system,
much-less any inittab. That's SYS-V init stuff for interactive access.
> # What to do when CTRL-ALT-DEL is pressed.
> ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
>
> AFAIK this hasn't ever really changed.
>
> Jan
>
The kernel's response (or the 'C' runtime-library interface) has
changed so that it is now possible for somebody at the keyboard
of a machine to destroy the machine's operation by executing
Ctl-Alt-Del. I don't know how long this potential catastrophe
has existed, but when the machine(s) were initially certified
there was no possible way for a user to kill the machine from
the keyboard.
It is possible that a 'C' runtime library was changed in the
tarket so it's not a kernel problem. I'm checking it out now.
Cheers,
Dick Johnson
Penguin : Linux version 2.6.11 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.
On Thu, Apr 07, 2005 at 04:50:32PM -0400, Richard B. Johnson wrote:
> On Thu, 7 Apr 2005, Jan Harkes wrote:
>
> >On Thu, Apr 07, 2005 at 11:16:14AM -0400, Richard B. Johnson wrote:
> >>In the not-too distant past, one could disable Ctl-Alt-DEL.
> >>Can't do it anymore.
> >...
> >>Observe that reboot() returns 0 and `strace` understands what
> >>parameters were passed. The result is that, if I hit Ctl-Alt-Del,
> >>`init` will still execute the shutdown-order (INIT 0).
> >
> >Actually, if CAD is enabled in the kernel, it will just reboot.
> >If CAD is disabled in the kernel a SIGINT is sent to pid 1 (/sbin/init).
> >
>
> No, that's not how it ever worked. There are parameters that are
> available in the reboot-system call that define the operation that
> will occur when the 3-finger salute occurs.
>
> Execute man 2 reboot.
Take your own advice. From the man page:
LINUX_REBOOT_CMD_CAD_ON
(RB_ENABLE_CAD, 0x89abcdef). CAD is enabled. This means
that the CAD keystroke will immediately cause the action
associated with LINUX_REBOOT_CMD_RESTART.
LINUX_REBOOT_CMD_CAD_OFF
(RB_DISABLE_CAD, 0). CAD is disabled. This means that the CAD
keystroke will cause a SIGINT signal to be sent to init
(process 1), whereupon this process may decide upon a
proper action (maybe: kill all processes, sync, reboot).
--
Daniel Jacobowitz
CodeSourcery, LLC
On Fri, 8 Apr 2005, Daniel Jacobowitz wrote:
> On Thu, Apr 07, 2005 at 04:50:32PM -0400, Richard B. Johnson wrote:
>> On Thu, 7 Apr 2005, Jan Harkes wrote:
>>
>>> On Thu, Apr 07, 2005 at 11:16:14AM -0400, Richard B. Johnson wrote:
>>>> In the not-too distant past, one could disable Ctl-Alt-DEL.
>>>> Can't do it anymore.
>>> ...
>>>> Observe that reboot() returns 0 and `strace` understands what
>>>> parameters were passed. The result is that, if I hit Ctl-Alt-Del,
>>>> `init` will still execute the shutdown-order (INIT 0).
>>>
>>> Actually, if CAD is enabled in the kernel, it will just reboot.
>>> If CAD is disabled in the kernel a SIGINT is sent to pid 1 (/sbin/init).
>>>
>>
>> No, that's not how it ever worked. There are parameters that are
>> available in the reboot-system call that define the operation that
>> will occur when the 3-finger salute occurs.
>>
>> Execute man 2 reboot.
>
> Take your own advice. From the man page:
>
> LINUX_REBOOT_CMD_CAD_ON
> (RB_ENABLE_CAD, 0x89abcdef). CAD is enabled. This means
> that the CAD keystroke will immediately cause the action
> associated with LINUX_REBOOT_CMD_RESTART.
>
> LINUX_REBOOT_CMD_CAD_OFF
> (RB_DISABLE_CAD, 0). CAD is disabled. This means that the CAD
> keystroke will cause a SIGINT signal to be sent to init
> (process 1), whereupon this process may decide upon a
> proper action (maybe: kill all processes, sync, reboot).
>
> --
> Daniel Jacobowitz
> CodeSourcery, LLC
>
The 'init' in use is not SYS-V init. Instead, it is the startup
program, mother-of-all-programs, of a complete embedded system
that has no shells, etc. It's just a system that's designed to
make images.
There are handlers in place for all signals, either to ignore
signals or to perform things like X-ON and X-OFF. This 'init'
will never shut down the system. It doesn't know how. It also
ignores any "harmful" signals and, in fact, will never exit
the main program. Again, it doesn't know how. It just forks off
some processes and then sleeps, occasionally waking to
get and throw away the exit-status of some child's
children.
Also, this has been working for many years. It is unknown
how many linux-versions this worked with since it was first
tested with 2.4.x circa 2000 to 2001.
It appears that the 'C' runtime library is now trapping
reboot() and turning it into a single-parameter function
call. It is possible that the correct 4-parameter reboot()
is not even making it to the kernel. I am investigating this.
I made another function called disable() that will directly
make a system-call, thereby bypassing the 'C' runtime library
altogether. I am working on this.
Cheers,
Dick Johnson
Penguin : Linux version 2.6.11 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.
It wasn't the kernel.
Many thanks to those who helped me track down this problem.
It seems that the 'C' runtime library was trapping the call
to reboot() which probably should have been _reboot() in
earlier code to prevent this. Anyway, the fix is to call
the kernel directly so it doesn't get blamed for something
it didn't do.
Simple external procedure is attached if anybody else is
interested. It ends up being only 0x30 bytes in length.
Cheers,
Dick Johnson
Penguin : Linux version 2.6.11 on an i686 machine (5537.79 BogoMips).
Notice : All mail here is now cached for review by Dictator Bush.
98.36% of all statistics are fiction.