Disable SYSRQ support by default for added security The magic SysRq is meant for development and debugging. Instead of trying to determine whether it can be used to break into a Linux system, we decided to pre-emptively steer clear of any potential security vulnerabilities by disabling it by default. Developers can re-enable it through sysctl or by using the kernel command line option sysrq_always_enabled. Change-Id: If448006869b5662e76f9caa5e01d6668c5d709eb

commit: 77c172c5577a6c1919ebe480dff0bbdb20c85a87 [log] [tgz]
author: Daniel Mentz <danielmentz@google.com> Mon Mar 30 12:19:38 2015 -0700
committer: Daniel Mentz <danielmentz@google.com> Tue Apr 21 11:09:40 2015 -0700
tree: 4852580550138e58aa5b6e321d3e22494125b16a
parent: 9d86835cbf19754519f51664955d2ec350773e14 [diff]
diff --git a/include/linux/sysrq.h b/include/linux/sysrq.h
index 7faf933..386032ae 100644
--- a/include/linux/sysrq.h
+++ b/include/linux/sysrq.h

@@ -18,7 +18,7 @@
 #include <linux/types.h>
 
 /* Enable/disable SYSRQ support by default (0==no, 1==yes). */
-#define SYSRQ_DEFAULT_ENABLE	1
+#define SYSRQ_DEFAULT_ENABLE	0
 
 /* Possible values of bitmask for enabling sysrq functions */
 /* 0x0001 is reserved for enable everything */
commit	77c172c5577a6c1919ebe480dff0bbdb20c85a87	[log] [tgz]
author	Daniel Mentz <danielmentz@google.com>	Mon Mar 30 12:19:38 2015 -0700
committer	Daniel Mentz <danielmentz@google.com>	Tue Apr 21 11:09:40 2015 -0700
tree	4852580550138e58aa5b6e321d3e22494125b16a
parent	9d86835cbf19754519f51664955d2ec350773e14 [diff]