[kernel] r15150 - in dists/trunk/linux-2.6/debian: . config patches/debian patches/series

Bastian Blank waldi at alioth.debian.org
Sun Feb 14 15:14:48 UTC 2010 

Author: waldi
Date: Sun Feb 14 15:11:35 2010
New Revision: 15150

Log:
Restrict access to sensitive SysRq keys by default

* debian/changelog: Update.
* debian/config/config: Set MAGIC_SYSRQ_DEFAULT_MASK.
* debian/patches/debian/sysrq-mask.patch, debian/patches/series/9:
  Add new patch.

Added:
   dists/trunk/linux-2.6/debian/patches/debian/sysrq-mask.patch
Modified:
   dists/trunk/linux-2.6/debian/changelog
   dists/trunk/linux-2.6/debian/config/config
   dists/trunk/linux-2.6/debian/patches/series/9

Modified: dists/trunk/linux-2.6/debian/changelog
==============================================================================
--- dists/trunk/linux-2.6/debian/changelog	Sat Feb 13 12:25:52 2010	(r15149)
+++ dists/trunk/linux-2.6/debian/changelog	Sun Feb 14 15:11:35 2010	(r15150)
@@ -1,4 +1,4 @@
-linux-2.6 (2.6.32-9) unstable; urgency=low
+linux-2.6 (2.6.32-9) UNRELEASED; urgency=low
 
   [ Ben Hutchings ]
   * Do not build obsolete lgs8gl5 driver
@@ -7,6 +7,9 @@
   [ maximilian attems]
   * Postinst don't refercence k-p related manpage. (Closes: #542208)
 
+  [ Bastian Blank ]
+  * Restrict access to sensitive SysRq keys by default.
+
  -- Ben Hutchings <ben at decadent.org.uk>  Fri, 12 Feb 2010 02:59:33 +0000
 
 linux-2.6 (2.6.32-8) unstable; urgency=high

Modified: dists/trunk/linux-2.6/debian/config/config
==============================================================================
--- dists/trunk/linux-2.6/debian/config/config	Sat Feb 13 12:25:52 2010	(r15149)
+++ dists/trunk/linux-2.6/debian/config/config	Sun Feb 14 15:11:35 2010	(r15150)
@@ -3279,6 +3279,8 @@
 CONFIG_ENABLE_WARN_DEPRECATED=y
 CONFIG_ENABLE_MUST_CHECK=y
 CONFIG_MAGIC_SYSRQ=y
+#. everything except {DUMP SIGNAL}
+CONFIG_MAGIC_SYSRQ_DEFAULT_MASK=0x01b6
 CONFIG_STRIP_ASM_SYMS=y
 CONFIG_UNUSED_SYMBOLS=y
 CONFIG_DEBUG_FS=y

Added: dists/trunk/linux-2.6/debian/patches/debian/sysrq-mask.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/trunk/linux-2.6/debian/patches/debian/sysrq-mask.patch	Sun Feb 14 15:11:35 2010	(r15150)
@@ -0,0 +1,32 @@
+diff --git a/drivers/char/sysrq.c b/drivers/char/sysrq.c
+index 44203ff..964bab1 100644
+--- a/drivers/char/sysrq.c
++++ b/drivers/char/sysrq.c
+@@ -43,7 +43,7 @@
+ #include <asm/irq_regs.h>
+ 
+ /* Whether we react on sysrq keys or just ignore them */
+-int __read_mostly __sysrq_enabled = 1;
++int __read_mostly __sysrq_enabled = CONFIG_MAGIC_SYSRQ_DEFAULT_MASK;
+ 
+ static int __read_mostly sysrq_always_enabled;
+ 
+diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug
+index 234ceb1..415a834 100644
+--- a/lib/Kconfig.debug
++++ b/lib/Kconfig.debug
+@@ -50,6 +50,14 @@ config MAGIC_SYSRQ
+ 	  keys are documented in <file:Documentation/sysrq.txt>. Don't say Y
+ 	  unless you really know what this hack does.
+ 
++config MAGIC_SYSRQ_DEFAULT_MASK
++	hex "Default mask for Magic SysRq keys on the console"
++	depends on MAGIC_SYSRQ
++	default 1
++	help
++	  Specifies the default mask for the allowed SysRq keys.  This can be
++	  used to disable several sensitive keys by default.
++
+ config STRIP_ASM_SYMS
+ 	bool "Strip assembler-generated symbols during link"
+ 	default n

Modified: dists/trunk/linux-2.6/debian/patches/series/9
==============================================================================
--- dists/trunk/linux-2.6/debian/patches/series/9	Sat Feb 13 12:25:52 2010	(r15149)
+++ dists/trunk/linux-2.6/debian/patches/series/9	Sun Feb 14 15:11:35 2010	(r15150)
@@ -1 +1,2 @@
 + bugfix/all/cxusb-dont-select-lgs8gl5.patch
++ debian/sysrq-mask.patch

More information about the Kernel-svn-changes mailing list