SysRq should be limited by default like openSUSE

Bug #194676 reported by Sitsofe Wheeler
292
This bug affects 5 people
Affects Status Importance Assigned to Milestone
Baltix
New
Undecided
Unassigned
linux (Ubuntu)
Invalid
Undecided
Unassigned
procps (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Description of the problem:
By default SysRq is enabled by default on Ubuntu desktop systems which is invaluable when a system has locked up and you want to stop it as gently as possible or debug the issue. However many people are surprised that you can also ask it to dump the contents of current memory to the console (or dmesg) albeit only from the keyboard.

openSUSE sets a default bitmask of 176 on its SysRq that by default restricts you to sync, reboot and "remount read-only". This stops people using sysrq by default to inspect memory which sounds sensible.

Tags: kj-triage
Revision history for this message
Sitsofe Wheeler (sitsofe) wrote :

Still here in Hardy.

Version information:
Ubuntu hardy (development branch)
linux-image-2.6.24-12-generic 2.6.24-12.22

Revision history for this message
Leann Ogasawara (leannogasawara) wrote :

[This is an automated message. Apologies if it has reached you inappropriately.]

This bug was reported against the linux-meta package when it likely should have been reported against the linux package instead. We are automatically transitioning this to the linux kernel package so that the appropriate teams are notified and made aware of this issue. Thanks.

affects: linux-meta (Ubuntu) → linux (Ubuntu)
Revision history for this message
kernel-janitor (kernel-janitor) wrote :

Hi sitsofe,

Please be sure to confirm this issue exists with the latest development release of Ubuntu. ISO CD images are available from http://cdimage.ubuntu.com/releases/ . Please then run following command from a Terminal (Applications->Accessories->Terminal). It will automatically gather and attach updated debug information to this report.

apport-collect -p linux-image-`uname -r` 194676

Also, if you could test the latest upstream kernel available that would be great. It will allow additional upstream developers to examine the issue. Refer to https://wiki.ubuntu.com/KernelMainlineBuilds . Once you've tested the upstream kernel, please remove the 'needs-upstream-testing' tag. This can be done by clicking on the yellow pencil icon next to the tag located at the bottom of the bug description and deleting the 'needs-upstream-testing' text. Please let us know your results.

Thanks in advance.

[This is an automated message. Apologies if it has reached you inappropriately; please just reply to this message indicating so.]

tags: added: needs-kernel-logs
tags: added: needs-upstream-testing
tags: added: kj-triage
Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Sitsofe Wheeler (sitsofe) wrote :

Still here in Karmic:

Version information:
Ubuntu 9.10 (karmic)
linux-generic-pae 2.6.31.14.27

tags: removed: needs-kernel-logs needs-upstream-testing
Changed in linux (Ubuntu):
status: Incomplete → New
Revision history for this message
Charlie Kravetz (charlie-tca) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. The issue that you reported is one that should be reproducible with the live environment of the Desktop CD of the development release - Natty Narwhal. It would help us greatly if you could test with it so we can work on getting it fixed in the next release of Ubuntu. You can find out more about the development release at http://www.ubuntu.com/testing/ . Thanks again and we appreciate your help.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Launchpad Janitor (janitor) wrote :

[Expired for linux (Ubuntu) because there has been no activity for 60 days.]

Changed in linux (Ubuntu):
status: Incomplete → Expired
Revision history for this message
Sitsofe Wheeler (sitsofe) wrote :

Still here Natty.

Version information:
Ubuntu 11.04 (natty)

Steps to reproduce:
1. Start Ubuntu.
2. Press ctrl-alt-f2.
3. Press Alt-Sysrq-9.
4. Press Alt-Sysrq-p

Expected results:
Nothing to happen.

Actual results:
Current kernel stack trace and register information is printed to the screen.

If you are a bug helper about to mark this bug incomplete please can you try these steps - they are relatively quick to do and should work on all systems with a display. Thank you!

Changed in linux (Ubuntu):
status: Expired → New
Revision history for this message
Brad Figg (brad-figg) wrote : Missing required logs.

This bug is missing log files that will aid in diagnosing the problem. From a terminal window please run:

apport-collect 194676

and then change the status of the bug to 'Confirmed'.

If, due to the nature of the issue you have encountered, you are unable to run this command, please add a comment stating that fact and change the bug status to 'Confirmed'.

This change has been made by an automated script, maintained by the Ubuntu Kernel Team.

Changed in linux (Ubuntu):
status: New → Incomplete
Revision history for this message
Charlie Kravetz (charlie-tca) wrote :

Reset to "Confirmed". This bug report does not require any logs. It is explained in the original report.

Changed in linux (Ubuntu):
status: Incomplete → Confirmed
importance: Undecided → Low
Revision history for this message
Matt Taggart (taggart) wrote :

This is a security issue as someone can use sysrq to disable screen locking and cause other problems.

Debian uses "438" by default in squeeze and newer. Here are some relevant bugs,

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=562884
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=564080

The bitmask description documented at
https://secure.wikimedia.org/wikipedia/en/wiki/Magic_SysRq_key#Disabling_SysRq_key

Revision history for this message
Steve Langasek (vorlon) wrote :

As Matt points out, SysRq+F seems to allow a user to kill processes they shouldn't be able to, including (possibly) the screensaver. So yeah, I'd say this default is a security problem.

security vulnerability: no → yes
Changed in linux (Ubuntu):
importance: Low → Medium
Changed in linux (Ubuntu):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in procps (Ubuntu):
status: New → Confirmed
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in linux (Ubuntu):
status: Confirmed → Invalid
assignee: Marc Deslauriers (mdeslaur) → nobody
Changed in procps (Ubuntu):
importance: Undecided → Medium
Changed in linux (Ubuntu):
importance: Medium → Undecided
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This is fixed in quantal now.

Changed in procps (Ubuntu):
status: Confirmed → Fix Released
assignee: Marc Deslauriers (mdeslaur) → nobody
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.