Ctrl-alt-del and Linux



  • In the interest of not hijacking the Eve online thread...

    @morbiuswilters said:

    @tgape said:

    Some time ago, I set a new server up with the latest version of Ubuntu - the first version that uses upstart instead of a more traditional init.  It wasn't intuitively obvious to me how one would change the ctrl-alt-del behavior (only, of course, because I didn't look at all of the filenames in /etc.  That directory's far too overloaded.)  I decided, I'll punt on changing that - surely they have a safe default.

    Some months passed, and then I dropped my keyboard; it happened to flip and press the ctrl-alt-del buttons (not as difficult as it may seem, it's a Kinesis, so they're clustered.  That key cluster hit my foot.)  Bam, system reboot.  In the middle of installing a kernel update.  (Also, I had some moderately extensive code changes I hadn't saved yet in an editor.  Gotta love vim, though; I only lost the last edit.)

    So now that computer waits a minute before rebooting the server in response to ctrl-alt-del, just like all my other boxes.

    Your servers respond to ctrl-alt-del?  WTF?  I have seriously never seen this before.  I know it doesn't work on my personal machines, but now I'm wondering if it will work on some of the other Linux servers I have access to...  I'm tempted to say it absolutely will not and that you are making this all up to fuck with me, but I'm too chickenshit to try it on production machines.  I mean, surely I've accidentally hit ctrl-alt-del on one of these machines before..  but maybe I've just been lucky.

    If you are correct, that is TRWTF; having a single key combination that will restart a server.

    Linux has had support for ctrl-alt-del (as an option) since at least 1996.  I kinda recall it being there in 1995, but that wasn't my computer, and so I'm not as certain of its config.  In general, more cautious distros don't enable it; distros attempting to appeal to the masses do.

    I only allow it because it's generally pretty secure - the only other people who have access to my keyboard wouldn't do that to me.  However, I can see you're clearly out of touch.

    It's not one key combination, it's two - there's also alt-sysrq-b, and that one's much nastier, as it doesn't do any shutdown before hand.  I allow that one because sometimes Magic Sysrq can come in very handy - it's saved me from more problems than it's caused.  That having been said, it's only active on my "dev" machine.  Other boxes are unlikely to run into those circumstances (as, for example, I don't run new, totally untested kernel modules, written or tweaked by someone who really has no business writing kernel modules on those boxes.)

    But, of course, I have to ask, "why would you have to *try* it to see if it was there?"  In most older Linux systems, it's configured in /etc/inittab.  Upstart eliminates all but one function of that file, so if you're on a system that uses upstart, you're looking at /etc/event.d/ctrl-alt-del.  Note that you can have this key sequence do *anything* you know how to make the computer do, not just reboot, as it's just code.  Also note, you can actually remap the key sequence to whatever modifier combo + whatever key - and I've definitely added that to my todo list; it's just not that high of a priority.  Yet.  (I'm thinking quadruple-bucky-F4.  That should be easy to remember.)



  • @tgape said:

    Linux has had support for ctrl-alt-del (as an option) since at least 1996.

    Linux is a kernel.  You're saying that some distros have added as an inittab option, yes?

     

    @tgape said:

    I only allow it because it's generally pretty secure - the only other people who have access to my keyboard wouldn't do that to me.

    I'm not concerned about someone doing it maliciously, I'm concerned about someone doing it accidentally.  Clearly, if someone wants to shutdown a machine they can do it without ctrl-alt-del, but it's not a key combination that could accidentally be pressed (and one which has different uses on other OSes).

     

    @tgape said:

    However, I can see you're clearly out of touch.

    With what?  There are plenty of distros out there; I don't keep up with the options on every obscure one.  And I don't use distros for my personal servers and workstations.

     

    @tgape said:

    But, of course, I have to ask, "why would you have to *try* it to see if it was there?"  In most older Linux systems, it's configured in /etc/inittab.  Upstart eliminates all but one function of that file, so if you're on a system that uses upstart, you're looking at /etc/event.d/ctrl-alt-del.

    Right, and it's not configured on my personal systems.  As for Ubuntu, why would I know where it's supposed to be located?  I don't use it and it could be hidden anywhere.  I didn't try it, I said "I don't want to try it".

     

    @tgape said:

    Note that you can have this key sequence do *anything* you know how to make the computer do, not just reboot, as it's just code.

    Thank you Professor Linux.  Like I didn't fucking know that.  My point is that mapping ctrl-alt-del to restart on production machines is stupid.  Even stupider: making it the default.



  • @morbiuswilters said:

    @tgape said:

    Linux has had support for ctrl-alt-del (as an option) since at least 1996.

    Linux is a kernel.  You're saying that some distros have added as an inittab option, yes?

    Being technically precise, it's supported by GNU init, Canonical's upstart, the loadkeys/dumpkeys programs for Linux, and the fricking Linux kernel:

    %  find linux-2.6.32 -type f -name *.c -print0 |xargs -0 grep -n ctrl_alt_del
    linux-2.6.32/drivers/s390/char/sclp_quiesce.c:49: ctrl_alt_del();
    linux-2.6.32/drivers/char/keyboard.c:47:extern void ctrl_alt_del(void);
    linux-2.6.32/drivers/char/keyboard.c:591: ctrl_alt_del();
    linux-2.6.32/drivers/xen/manage.c:173: ctrl_alt_del();
    linux-2.6.32/drivers/ps3/ps3-sys-manager.c:230: * been pressed irrespective of how init handles the ctrl_alt_del signal.
    linux-2.6.32/drivers/ps3/ps3-sys-manager.c:449: kill_cad_pid(SIGINT, 1); /* ctrl_alt_del /
    linux-2.6.32/drivers/ps3/ps3-sys-manager.c:467: kill_cad_pid(SIGINT, 1); /
    ctrl_alt_del */
    linux-2.6.32/arch/arm/mach-iop32x/n2100.c:302: ctrl_alt_del();
    linux-2.6.32/arch/arm/mach-ixp4xx/nas100d-setup.c:212: ctrl_alt_del();
    linux-2.6.32/arch/arm/mach-ixp4xx/fsg-setup.c:163: ctrl_alt_del();
    linux-2.6.32/arch/arm/mach-ixp4xx/nslu2-setup.c:194: ctrl_alt_del();
    linux-2.6.32/arch/arm/mach-ixp4xx/dsmg600-setup.c:184: ctrl_alt_del();
    linux-2.6.32/arch/mips/bcm47xx/wgt634u.c:123: ctrl_alt_del();
    linux-2.6.32/arch/um/drivers/mconsole_kern.c:300: ctrl_alt_del();
    linux-2.6.32/arch/powerpc/platforms/cell/beat.c:186: ctrl_alt_del();
    linux-2.6.32/arch/powerpc/platforms/cell/beat.c:194: ctrl_alt_del();
    linux-2.6.32/kernel/sys.c:450:void ctrl_alt_del(void)
    %

    And that's just the bits that match that string exactly.  I apologize for using a relatively new kernel; all my older kernel source is tar.lmzaed.  But it was definitely in the kernel source back in 1998, when I was futzing around with Magic SysRq and thus looking at code near there.

    @morbiuswilters said:

    @tgape said:

    I only allow it because it's generally pretty secure - the only other people who have access to my keyboard wouldn't do that to me.

    I'm not concerned about someone doing it maliciously, I'm concerned about someone doing it accidentally.

    Ah.  Nobody else uses the consoles on my home boxes.

    @morbiuswilters said:

    @tgape said:

    However, I can see you're clearly out of touch.

    With what?  There are plenty of distros out there; I don't keep up with the options on every obscure one.  And I don't use distros for my personal servers and workstations

    Distros that have enabled this feature by default at one time or another include Ubuntu, Fedora, Gentoo, Red Hat (pre-Enterprise; I haven't checked since then), Debian, and Slackware.  I'm not sure what others do, but I'm pretty sure it's been the majority of distros I've looked at.  Or are you saying that my above list is all obscure crap?  (The 'crap' part I'll agree with - only reason why I'm not using DIY is it takes too much time.  But every distro I've ever used has a lot of WTFs in it.)

    @morbiuswilters said:

    My point is that mapping ctrl-alt-del to restart on production machines is stupid. Even stupider: making it the default.

    Agreed.  Note that I only have it enabled on home machines.



  • @tgape said:

    And that's just the bits that match that string exactly.  I apologize for using a relatively new kernel; all my older kernel source is tar.lmzaed.  But it was definitely in the kernel source back in 1998, when I was futzing around with Magic SysRq and thus looking at code near there.

    The kernel actually recognizes it as a reboot request?  That seems really WTFy.  I'm too lazy to check myself.

     

    @tgape said:

    Ah.  Nobody else uses the consoles on my home boxes.

    This is ttys or does it work on pseudo ttys, too?

     

    @tgape said:

    Distros that have enabled this feature by default at one time or another include Ubuntu, Fedora, Gentoo, Red Hat (pre-Enterprise; I haven't checked since then), Debian, and Slackware.  I'm not sure what others do, but I'm pretty sure it's been the majority of distros I've looked at.  Or are you saying that my above list is all obscure crap?

    You're right, obscure was not correct.

     

    @tgape said:

    Agreed.  Note that I only have it enabled on home machines.

    I wouldn't enable it on anything, but whatever.  It seems you were justifying it being a default before, while I was saying it was a WTF.  If we agree on it being a WTF, then cool.



  • @tgape said:

    GNU init

    There's no such thing. Did you mean sysvinit?



  • A very brief check indicates that FreeBSD also has "ctrl+alt+del = reboot" and that it's actually built into the kernel itself, to the point that it is toggled by setting the "hw.syscons.kbd_reboot" sysctl parameter to 0/1 or by [b]recompiling the kernel[/b] with a special option (either SC_DISABLE_REBOOT or PCVT_CTRL_ALT_DEL, depending on whether you use the syscons or pcvt console driver). Fortunately, current versions seem to have it disabled by default once the system boots to multiuser.



  • @morbiuswilters said:

    The kernel actually recognizes it as a reboot request?  That seems really WTFy.  I'm too lazy to check myself.

    Ctrl+Alt+Del is catched by the console kernel driver, THEN passed to init, which can ignore it or execute some command line.
    Also, power button is handled by the ACPI driver, which passes it to acpid, which can ignore it or execute some command line.
    A lost of distros set them to [code]/sbin/shutdown -r now[/code] (graceful shutdown then reboot) and [code]/sbin/shutdown -h -P now[/code] (graceful shutdown then poweroff).
    It can be changed to anything else, from no action, thru displaying "FUCK YOU" on the screen, to activating the automated gun turret aimed at the console user*.

    The "Magic SysRq" is a relatively low-level kernel call.
    Its B command of it initiates an immediate** system reset.
    OTOH, Alt+SysRq+{S,U,B} is "Sync, Unmount, Boot", and quite often allows you to flush the disk caches and put the partitons in a semi-clean state before zapping the system.
    In any case, it's meant to be used when the regular shutdown can't be used for some reason.

    * May require additional hardware
    ** Didn't check the code; might actually do a bit of bookkeeping, but it doubt it.



  • @bannedfromcoding said:

    Ctrl+Alt+Del is catched by the console kernel driver, THEN passed to init, which can ignore it or execute some command line.

    Alright, that makes sense.  It still seems odd to me that that particular key sequence is given recognition in the kernel.

     

    @bannedfromcoding said:

    Also, power button is handled by the ACPI driver, which passes it to acpid, which can ignore it or execute some command line.

    Yeah, I knew that.  For racked servers, it's less likely the button will be pushed accidentally, but I'd still disable it and require a hard power-cycle (which can be done remotely).  Either the system is in a state where you can reboot it from a shell, or it's so hosed that the power button might not work anyway.  For my laptops, the power button just throws up a countdown dialog that puts the system into S3.



  •  I always figured the reasoning behind placing the reboot behind CTRL-ALT-DEL is because it is not possible to simulate CTRL-ALT-DEL in software (except, of course, in a virtual machine).  IIRC, CTRL-ALT-DEL calls int 19h.  But I could be wrong.



  • @bannedfromcoding said:

    ** Didn't check the code; might actually do a bit of bookkeeping, but it doubt it.

    I've submitted kernel patches (rejected - sigh.  But later on, someone else submitted basically the same patch, and it got approved, so I'm happy) within something on the order of 50 lines of the code.  Last I checked, by immediate, it means within about 10 assembly instructions, depending upon the platform - it performed a direct function call to the reboot routine.  Not even the vaguest hint of bookkeeping.  As I recall, back when Magic SysRq included a key to 'kill all processes including init' (another real WTF - and how), it was the only thing that still worked after killing all processes including init.

    For the curious, my patch was actually to eliminate 'kill all processes including init', as a dangerous and ill-conceived notion.

    Note that "Unmount" does not actually unmount anything, it just remounts everything read-only.

    While I agree with everything else you've said, I'll restate something for clarity: the kernel's involvement in Ctrl-alt-del is limited to simply recognizing the keystroke (as identified by the key map, unless the keyboard is in raw mode) and notifying init of the event.

    Update: because I'm curious, I checked - it's now a bit heavier, as it takes a moment to enable IRQs, which is potentially a rather involved bit of code relative to what it looked like back in 1998.  It also does some lock dependency frufru, but that's only a handful of assembly instructions (one line of C code, after the function call overhead.)


  • Garbage Person

     So what's the problem again? If you have console access, you have physical access and thus a reboot isn't terribly difficult to achieve anyway - yes, you can reboot the machine without logging in but you can also yank the power cable.

    I can login as root to any of my servers via SSH and smack ctrl-alt-del all day long and the only thing that'll be rebooting is the client system. If you're handing out actual VM console access to people you don't want rebooting your boxes, you're doing EVERYTHING wrong - and VMWare goes to pretty decent lengths to make sure that you aren't going to accidentally send ctrl-alt-del to a VM anyway.

    The only time where disabling it makes sense is in really obscure setups where the machine itself is located in an inaccessible secured location, but the actual console I/O is not secured. I've seen a setup like this ONCE with modern equipment.

     

    And if you're concerned one of your admins is going to accidentally reboot something while working on the local console, ask yourself first why in the name of all that is holy was he touching a physical console for a machine that's working properly, instead of sitting at his desk?



  • @Weng said:

    So what's the problem again? If you have console access, you have physical access and thus a reboot isn't terribly difficult to achieve anyway - yes, you can reboot the machine without logging in but you can also yank the power cable.
    Not entirely true. IP KVMs are only one of the many technologies that allow console access without physical access.



  • @Weng said:

     So what's the problem again? If you have console access, you have physical access and thus a reboot isn't terribly difficult to achieve anyway - yes, you can reboot the machine without logging in but you can also yank the power cable.

    I can login as root to any of my servers via SSH and smack ctrl-alt-del all day long and the only thing that'll be rebooting is the client system. If you're handing out actual VM console access to people you don't want rebooting your boxes, you're doing EVERYTHING wrong - and VMWare goes to pretty decent lengths to make sure that you aren't going to accidentally send ctrl-alt-del to a VM anyway.

    The only time where disabling it makes sense is in really obscure setups where the machine itself is located in an inaccessible secured location, but the actual console I/O is not secured. I've seen a setup like this ONCE with modern equipment.

     

    And if you're concerned one of your admins is going to accidentally reboot something while working on the local console, ask yourself first why in the name of all that is holy was he touching a physical console for a machine that's working properly, instead of sitting at his desk?

    Well, we have a clear example of somebody dropping a keyboard and having ctrl-alt-del being hit.  My point is, why even have a key combination to do something as potentially harmful as a reboot?  It's not that  you can't do it other ways, it's that the other ways are properly intentional whereas a key combination can be hit accidentally.  What possible justification do you have for having a shortcut to reboot the machine?  Why not have a shortcut to overwrite all the disks with random data?  Sure, you can do it other ways, but why not add in that extra little thing that could go wrong?



  • @morbiuswilters said:

    Why not have a shortcut to overwrite all the disks with random data?

    <font color="#EE8800">

    You mean, you don't?!?  Admittedly, my sequence is a bit more complicated, as it'll install a random Linux distro after the wipe's completed.

    I have that set to Ctrl-Alt-Enter.  On retrospect, that's probably not the greatest idea, because it's the other hand equivalent for the traditional three finger salute, so things could've gone worse for my reboot that motivated this thread.  Maybe I should remap that to quadruple-bucky-w...

    </font>


  • @tgape said:

    @morbiuswilters said:
    Why not have a shortcut to overwrite all the disks with random data?

    <font color="#ee8800">

    You mean, you don't?!?  Admittedly, my sequence is a bit more complicated, as it'll install a random Linux distro after the wipe's completed.

    I have that set to Ctrl-Alt-Enter.  On retrospect, that's probably not the greatest idea, because it's the other hand equivalent for the traditional three finger salute, so things could've gone worse for my reboot that motivated this thread.  Maybe I should remap that to quadruple-bucky-w...

    </font>
    When did you learn dutch?



  • @belgariontheking said:

    When did you learn dutch?

    Years ago, a friend offered me the following advice to aid me with my German:

    @Tim said:

    After you get the vocabulary down, to get the accent right, just drink beer until you're a little tipsy.

    @tgape said:

    What happens if you accidentally drink too much and get sloshed?

    @Tim said:

    Then you speak Dutch instead.



  •  I am drunk all the time.


Log in to reply