SysRq : HELP : loglevel(0-9) reboot(b) crash(c) terminate-all-tasks(e) memory-full-oom-kill(f) kill-all-tasks(i) thaw-filesystems(j) sak(k) show-backtrace-all-active-cpus(l) show-memory-usage(m) nice-all-RT-tasks(n) poweroff(o) show-registers(p) show-all-timers(q) unraw(r) sync(s) show-task-states(t) unmount(u) force-fb(V) show-blocked-tasks(w) dump-ftrace-buffer(z)
To see output generated by using SysRq commands it is required:
- when using X: open a terminal emulator and run
sudo journalctl -f - or to switch to a virtual console
- when using X: we should probably assume the session protected by xscreensaver or login prompt? What else would restricted SysRq prevent from an adversary that can use an active login session anyhow?
- on a virtual console: can we prevent seeing SysRq (or all kernel output) in virtual consoles as long as no user is logged in?
Not the Whonix / Kicksecure use case but in a use case of kiosk mode (somewhat(?) public access to a keyboard and screen only while the computer is considered securely locked away) it seems wrong that users without any login session can see output by the kernel in virtual consoles.
Output by SysRq commands should be hidden until there is a active login session? Good compromise?
Maybe removing quite boot parameter is the cause of this?