From: bribbeck@exucom.com (Bob Ribbeck)
Subject: How do you stop ctrl-alt-del
Date: 29 Nov 92 07:57:43 GMT


  Does anyone know how to stop ctrl-alt-delete so only root can reboot
linux?

From: mrhoten@cs.stanford.edu (Matthew X. Rhoten)
Subject: Re: How do you stop ctrl-alt-del
Date:  2 Dec 92 21:08:56 GMT

evansmp@uhura.aston.ac.uk (Mark Evans) writes:
>If you mean only when the current VC has a root login, then this is rather
>more complex to do. (it also risks making the kernel code very messy)

Turning CAD on and off is pretty easy; all you need to do is make a
special call to reboot(). This has to be done as superuser, naturally.
Making it so CAD works iff you are superuser is somewhat harder; that
involves hacking on the kernel.

I wrote a small C program to turn CAD on and off on my machine;
here's its text:

/* clrcad - turn CAD on and off
   usage is clrcad (turns CAD off)
         or clrcad -off (same)
         or clrcad -on (turns CAD on)
*/
         
#include <stdio.h>

extern reboot(int, int, int);

void usage(char *);

int main(int argc, char *argv[])
{
  int res;
  int flag = 0;

  if (argc > 2)
    usage(argv[0]);
  else if (argc == 2) {         /* defaults to -off */
    if (!strcmp(argv[1], "-on"))
      flag = 0x89ABCDEF;        /* see ...linux/kernel/sys.c, reboot() */
    else if (strcmp(argv[1], "-off"))
      usage(argv[0]);
  }

  res = reboot(0xFEE1DEAD, 672274793, flag);
  if (res < 0)
    perror(argv[0]);
  else
    printf("Ctrl-Alt-Del is %s.\n", flag ? "on" : "off");
  return 0;
}

void usage (char *progname)
{
  fprintf(stderr, "%s: usage: %s [-on|-off]\n", progname, progname);
  exit(1);
}

This works fairly handily. Either run it as root or make it setuid.
(If you're interested in keeping reboot doable only by root, then run
it as root.) Calling reboot with those parameters messes with a kernel
flag called C_A_D, which is used by ctrl_alt_del. You could also hack
on ctrl_alt_del() in kernel/sys.c and have it check suser(), which my
version doesn't do (.97.5, haven't checked .98.5.) A modified version
would look something like

void ctrl_alt_del(void)
{
        if (C_A_D && suser())
                hard_reset_now();
        else
                send_sig(SIGINT,task[1],1);
}

Naturally, if you do this, you don't need the little program from
above. I haven't run this patch on my kernel, only the program from
above, so can't guarantee it's correct.

Hope this helps things.
 -matt
-- 
Matthew Rhoten | mrhoten@cs.stanford.edu | m_rhoten@leland.stanford.edu
"When Adam and Eve first saw each other, that's when the blues started."
 -John Lee Hooker

From: s_titz@ira.uka.de (Olaf Titz)
Subject: Re: How do you stop ctrl-alt-del
Date: 3 Dec 92 16:03:22 GMT

In article <mrhoten.723330536@Xenon.Stanford.EDU> 
mrhoten@cs.stanford.edu (Matthew X. Rhoten) writes:

[disabling CAD]
>...
>You could also hack
>on ctrl_alt_del() in kernel/sys.c and have it check suser(), which my
>version doesn't do (.97.5, haven't checked .98.5.) A modified version
>would look something like
>
>void ctrl_alt_del(void)
>{
>       if (C_A_D && suser())
>               hard_reset_now();
>       else
>               send_sig(SIGINT,task[1],1);
>}

This will SIGINT init when you press CAD and are not root, which will
(depending on the version of init) result in a reboot anyway, so
nothing is gained. The only difference is that init has the chance of
doing a proper sync() while hard_reset_now() is a good filesystem
crasher. 

I prefer a completely different approach: rebooting is done ONLY with
a special program like the one you mentioned. (reboot/halt from SLS -
but does anybody know why it messes up on its output?)
The kernel is modified to signal SIGKILL (!) all processes associated
with the current VC when pressing CAD. This will usually result in an
immediate, forced logout of the current session without affecting
other processes (which in the past has solved most of my hangs from
memory hog).

I'll post the necessary kernel modifications tomorrow.

Olaf
-- 
| Olaf Titz - comp.sc.student  |   o     | uknf@dkauni2.bitnet | old address |
| univ. of karlsruhe - germany |  _>\ _  | s_titz@ira.uka.de   | is still    |
| +49-721-60439                | (_)<(_) | praetorius@irc      | valid       |
   "Stop talkin' and start chalkin'!" - Eight Ball Deluxe

From: mrhoten@cs.stanford.edu (Matthew Q. Rhoten)
Subject: Re: How do you stop ctrl-alt-del
Date:  5 Dec 92 02:07:19 GMT

That sounds like a good solution. (I wasn't aware of the semantics
of SIGINT.) It's trivial to hack on it to make CAD to absolutely
nothing unless you're root, of course.

It seems to me that syncing should be independent of this stuff -
after all, reboot/halt don't sync.

 -matt
-- 
Matthew Rhoten | mrhoten@cs.stanford.edu | m_rhoten@leland.stanford.edu
"When Adam and Eve first saw each other, that's when the blues started."
 -John Lee Hooker

From: s_titz@ira.uka.de (Olaf Titz)
Subject: Re: How do you stop ctrl-alt-del
Date: 7 Dec 1992 12:29:54 GMT

In article <mrhoten.723521239@Xenon.Stanford.EDU> 
mrhoten@cs.stanford.edu (Matthew Q. Rhoten) writes:
>
>It seems to me that syncing should be independent of this stuff -
>after all, reboot/halt don't sync.

Really? I would consider this a SEVERE error.

Can anyone with knowledge of the source confirm this (and again, why
is its output garbled) ?

Olaf
-- 
| Olaf Titz - comp.sc.student  |   o     | uknf@dkauni2.bitnet | old address |
| univ. of karlsruhe - germany |  _>\ _  | s_titz@ira.uka.de   | is still    |
| +49-721-60439                | (_)<(_) | praetorius@irc      | valid       |
  "My heart is human - my blood is boiling - my brain IBM" - Mr. Roboto

From: sct@dcs.ed.ac.uk (Stephen Tweedie)
Subject: Re: How do you stop ctrl-alt-del
Date: 7 Dec 92 15:11:48 GMT

In article <mrhoten.723521239@Xenon.Stanford.EDU>, 
mrhoten@cs.stanford.edu (Matthew Q. Rhoten) writes:
> Originator: mrhoten@Xenon.Stanford.EDU

> That sounds like a good solution. (I wasn't aware of the semantics
> of SIGINT.) It's trivial to hack on it to make CAD to absolutely
> nothing unless you're root, of course.

> It seems to me that syncing should be independent of this stuff -
> after all, reboot/halt don't sync.

Indeed they do - just after disabling logins and sending a signal
(SIGHUP?) to init to kill off existing logins.  Come to think of it, I
seem to remember that shutdown sends init two signals; a SIGHUP to
wind down gracefully, followed by a SIGTERM/SIGKILL/something-like-
that to forcibly kill any processes which ignored the polite warning.

As far as I am aware, reboot/halt/shutdown are pretty safe methods of
bringing down a running Linux box, even if it is actively in use; I
have certainly never had any problems rebooting without syncing.  The
only potential problem I can think of is that background daemons which
access the root partition might just write to the filing system after
the last sync(); offhand, I can't remember enough about the shutdown
process to say whether such processes would indeed be killed by
shutdown.  Any offers?

---
Stephen Tweedie <sct@uk.ac.ed.dcs>   (Internet: <sct@dcs.ed.ac.uk>)
Department of Computer Science, Edinburgh University, Scotland.