From owner-freebsd-security  Fri Dec 20 08:45:49 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id IAA26598
          for security-outgoing; Fri, 20 Dec 1996 08:45:49 -0800 (PST)
Received: from nic.follonett.no (nic.follonett.no [194.198.43.10])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id IAA26590
          for <security@freebsd.org>; Fri, 20 Dec 1996 08:45:36 -0800 (PST)
Received: (from uucp@localhost) by nic.follonett.no (8.8.3/8.8.3) with UUCP id RAA21943; Fri, 20 Dec 1996 17:43:51 +0100 (MET)
Received: from oo7 (oo7.dimaga.com [192.0.0.65]) by dimaga.com (8.7.5/8.7.2) with SMTP id RAA28722; Fri, 20 Dec 1996 17:45:14 +0100 (MET)
Message-Id: <3.0.32.19961220174411.009b7e10@dimaga.com>
X-Sender: eivind@dimaga.com
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Fri, 20 Dec 1996 17:44:12 +0100
To: Sean Winn <sean@perky.gothic.net.au>
From: Eivind Eklund <eivind@dimaga.com>
Subject: Re: stopping users from rebooting with ctr-alt-del
Cc: security@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

At 01:38 AM 12/21/96 +1100, you wrote:
>I can already see a nice simple problem, in that it would only work after
>login...if you need to shutdown because you can't login for some reason
>(exhausted swap space because of a nasty process?), then this makes things
>difficult...but it should help machines in public places around people who
>have too much curiosity. 

A simple solution: In secure mode, make CTRL-ALT-DEL sync the disks, alert
the user, and keep synced for a short amount of time (say 5 seconds). Allow
three of these syncs, then set a limit of eg 5 minutes before somebody can
do it again.
This way the administrator can sync and then remove power or hard reset,
but a nobody can't do "prank resets" - you get a maximum of 15s/300s = 5%
non-disk time if somebody is standing there messing with the machine
constantly.  (Possibly these constants should be tweaked, but I doubt
somebody will stand there for five minutes just to "lock the disk" again)
Eivind Eklund / perhaps@yes.no / http://maybe.yes.no/perhaps/