Slashdot Mirror
The Guy Responsible For Ctrl-Alt-Del
Gannett News is running a story about David Bradley, the IBM engineer who, in 1980, coined Ctrl-Alt-Del. Interestingly, he meant for it to remain a developer-only tool, not something for end users, and certainly not to have Windows users change their passwords or logoff. He also says he chose those keys specifically as it's not a key sequence that can be struck by accident.
When I read 'the guy responsible for Ctrl-Alt-Del", I thought you ment Tim Buckly - author of the awesome Ctrl-Alt-Del Webcomic Series.
:)
I love this Comic
--
One by one the penguins steal my sanity...
Many people rag on this, but it actually made some sense at the time. Microsoft has removed it from later versions of Windows for convenience, not security, purposes.
For people who don't know, WIndows NT 4 (and perhaps 3.5 and earlier?) required one to hit CTRL-ALT-DEL to get a login prompt. Many people complained, not seeing the logic in it, but logic there is.
CTRL-ALT-DEL is can never, ever be trapped by an application -- unless Windows has hosed completely, it's guaranteed to get the OS's attention. Having to hit it to get a login box means that no other application can fake a login box. If they tried, CTRL-ALT-DEL would bring up the task manager instead of a login dialog.
So regardless of whether you like it, the minor annoyance served a good purpose and was actually a fairly clever design decision. Much smarter than, oh, allowing macro viruses to execute by default.
This isn't as much "normalization" as it is "don't take so many drugs when you're designing tables."
Why is it that everyone thinks that Ctrl-Alt-Del has some special hardware interrupt, or something else that makes it magical?
The BIOS traps that combination (through the normal keyboard interrupt) and initiates a system reboot.
Problem is, if your OS isn't using the BIOS for keyboard input (pretty much every modern OS uses it's own keyboard handling code) then the OS determines what this key combination does.
In either case, it is software that determines what that key combination does.
--
"What do you want me to do? Whack a guy? Off a guy? Whack off a guy? Cause I'm married."
Not quite. Interrupt processing by the hardware is the same for real and protected modes (which are internal to the processor).
All key press/release events generate the same hardware interrupt (normally the keyboard is wired to the IRQ1 line of the interrupt controller). Standard BIOS setup configures the 8859 to generate Int 0x9 for this IRQ. The keyboard interrupt handler is then charged with identifying the Ctrl-Alt-Del combination and acting on it.
The default BIOS action is to triger a software interrupt (Int 0x17 IIRC). The motivation for this was not to prevent interceptions. Rather, this conforms to the policy of having BIOS entrypoints go through software interrupts (in this case allowing any program to generate a soft-boot).
Nope. It shares the same hardware IRQ with everything else on the keyboard. The interrupt service routine handles the particular values received from the keyboard, so it spawns a software interrupt for ctrl-alt-del that (OS-specific) suspends user mode code and does something configurable, e.g. Windows Security dialog in W2K, task mgr in W9x, or in Linux configured by what you've got in /etc/inittab.
jer
We may be human, but we're still animals
- Steve Vai
Here's one that has some more quotes from Dr. Bradley about inventing Ctrl-Alt-Del, as well as interviews with others on the team that invented the first IBM PC.
Googling on his name along with "history of IBM PC" yields other good tidbits.
SysRq was the original interrupt-generating special keystroke. It doesn't get much use anymore, though.
HIV Crosses Species Barrier... into Muppets
Well, aside from your comment indicating you to be a total jackass, there is actually a good reason behind the CTRL-ALT-DEL sequence in NT. It's a security feature.
"The CTRL-ALT-DEL key combination in NT disables user mode programs so a trojan program cannot intercept the user's name and password during the logon process. No user mode programs can be run until a valid logon has occurred. This is called restricted user mode. The CTRL-ALT-DEL key sequence indicates that there is a physically connected keyboard that the keystrokes are coming from. During the logon process, the Winlogon service passes the user's point of authentication, name, and password to the client/server (CSR) subsystem. The CSR passes the information to the security reference monitor which checks the Security Accounts Manager (SAM) database against the received information to see if the user is authentic. If so, a valid access token is generated and returned back down the line to the processes that sent the information."
Read more here.
ca::ctrlaltdel:/sbin/shutdown -r now
Yep...you might recognize that as the reboot command. You can go ahead and change it so that it shuts down your computer or run anything else you desire (although it'll run it with root privileges so, don't put something stupid in there unless you're running Lindows and therefore are always root, I guess)
Warning: Opinions known to be heavily biased.
Before the reset buttons on Macs, Apple II machines (the //c, the ][e, ][+ and //) had a reset button seated on a hefty spring, and would only take effect if you held down the Apple button (nowadays known as the Command key).
Although some Macs have had bad placement for the reset button (some Performas and the Mac II line come to mind), most Macs have had their reset buttons on the side of the machine, where it's not as easy to reach by mistake (and quite frankly, hard to locate at times).
Some of the Macs, also, had reset buttons that were inside the case, and could only be accessible with an externally-mounted, optional button that reached inside of the case for the reset button. Such was the case for the Mac Plus, SE (and SE/30) and the Mac II line (II, II x, II fx).
The worst placement for the reset button was on the PowerMac 601 (pizza box "G1" if you wish), where the front-mounted reset (and power) switch was at the same height of the (then much) thick keyboard. Pushing the keyboard against the machine could switch it off. Outright stupid it was.
By default it isn't enabled only if you aren't logging on to a windows domain controller (just the local computer). If your in a corporate setting normally you are and having to press Ctrl-Alt-Del remains in full effect...
Using Ctrl-Alt-Del for a login prompt doesn't mean you can't have a Trojan password gatherer. It just means you have to code it in Linux/*BSD where you can control the interrupt yourself. Make it bootable from floppy (grabbing extra data from HD or net if needed) and after a few login tries it 'reboots'. The floppy is long gone, and now it's back to the real NT (or 2k/xp) screen.
Nothing is secure when you can get physical access to the machine.
Got Apathy?
You're right it is capable of being hijacked. It uses the MSGINA.DLL and MS even explain how to do it on their website. It is capable of being used with a string of GINAs (Novell has one they use so that a user in a Novell Domain can log onto NDS called NWGINA.DLL)
Of course, for those of us who are slightly more lazy, this Easier to use version.
Dependable, Reliable Furnishings
Ok, so I didn't read all of it either, here's howto and ahy to use sysrq under linux 2.6
/proc/sys/kernel/sysrq
/proc/sysrq-trigger. eg:
/proc/sysrq-trigger
:-)
:IMPORTANT :IMPORTANT
/usr/linux-beta/Documentation/sysrq.txt
Edit ed for lameness, have fun
"Linux Magic System Request Key Hacks
Documentation for sysrq.c version 1.15
Last update: $Date: 2001/01/28 10:15:59 $
* What is the magic SysRq key?
It is a 'magical' key combo you can hit which the kernel will respond to
regardless of whatever else it is doing, unless it is completely locked up.
* How do I enable the magic SysRq key?
You need to say "yes" to 'Magic SysRq key (CONFIG_MAGIC_SYSRQ)' when
configuring the kernel. When running on a kernel with SysRq compiled in, it
may be DISABLED at run-time using following command:
echo "0" >
Note that previous versions disabled sysrq by default, and you were required
to specifically enable it at run-time. That is not the case any longer.
* How do I use the magic SysRq key?
On x86 - You press the key combo 'ALT-SysRq-<command key>'. Note - Some
keyboards may not have a key labeled 'SysRq'. The 'SysRq' key is
also known as the 'Print Screen' key.
On SPARC - You press 'ALT-STOP-<command key>', I believe.
On the serial console (PC style standard serial ports only) -
You send a BREAK, then within 5 seconds a command key. Sending
BREAK twice is interpreted as a normal BREAK.
On PowerPC - Press 'ALT - Print Screen (or F13) - <command key>,
Print Screen (or F13) - <command key> may suffice.
On other - If you know of the key combos for other architectures, please
let me know so I can add them to this section.
On all - write a character to
echo t >
* What are the 'command' keys?
'r' - Turns off keyboard raw mode and sets it to XLATE.
'k' - Secure Access Key (SAK) Kills all programs on the current virtual
console. NOTE: See important comments below in SAK section.
'b' - Will immediately reboot the system without syncing or unmounting
your disks.
'o' - Will shut your system off (if configured and supported).
's' - Will attempt to sync all mounted filesystems.
'u' - Will attempt to remount all mounted filesystems read-only.
'p' - Will dump the current registers and flags to your console.
't' - Will dump a list of current tasks and their information to your
console.
'm' - Will dump current memory info to your console.
'v' - Dumps Voyager SMP processor info to your console.
'0'-'9' - Sets the console log level, controlling which kernel messages
will be printed to your console. ('0', for example would make
it so that only emergency messages like PANICs or OOPSes would
make it to your console.)
'e' - Send a SIGTERM to all processes, except for init.
'i' - Send a SIGKILL to all processes, except for init.
'l' - Send a SIGKILL to all processes, INCLUDING init. (Your system
will be non-functional after this.)
'h' - Will display help ( actually any other key than those listed
above will display help. but 'h' is easy to remember
* Okay, so what can I use them for?
Well, un'R'aw is very handy when your X server or a svgalib program crashes.
sa'K' (Secure Access Key) is useful when you want to be sure there are no
trojan program is running at console and which could grab your password
when you would try to login. It will kill all programs on given console
and thus letting you make sure that the login prompt you see is actually
the one from init, not some trojan program.
IMPORTANT:In its true form it is not a true SAK like the one in
IMPORTANT:c2 compliant systems, and it should be mistook as such.
It seems other find it useful as
thank God the internet isn't a human right.
By the way, it's closer to:
All in all, Gates too it rather well, you need to see the video because my description makes it sound like Gates got really upset and he took it in stride quite well.You are in a maze of twisty little relative jumps, all alike.
Apple ][ Plus shipped with a hard "RESET" button not requiring any additional keys in combination. It had to be pushed pretty hard to make it depress, though. Unfortunately, it was somewhat close to "ESC" and occationally did get hit inadvertantly.
There was a switch on the keyboard controller that allowed you to change it to ctrl-reset.
On the original IBM PC Jr., circa 1980, it had both soft-reset (Ctl-Alt-Del) and diagnostic mode (Ctl-Alt-Ins). Wouldn't it be great to boot into a diag mode and check memory, disk, video. Maybe these new bios' will give me back a feature from 23 yrs ago.
That is, that key combo cannot be intercepted by applications thus making it impossible to create infamous fake logins for grabbing user credentials mere looks-like-login-screen
o l\Keyboard Layout registry entry. This changes the key mappings before the system processes ctrl-alt-del.
This is actually untrue. There are several ways to capture ctrl-alt-del in Windows. One is by remapping the keyboard with the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contr
The idea of a secure access key is a good one, but MS has a broken implementation since they allow it to be circumvented.
This is not entirely correct either. Right after POST, when a key is pressed/released, the keyboard controller generates an IRQ1 which will cause the processor to stop the currently executing program and execute the handler for interrupt 9 (as indicated in the Interrupt Vector Table). This handler keeps track of whether you're pressing ctrl-alt-delete and will cause the machine to reboot if that's the case (using another interrupt, actually).
When a modern 32-bit protected mode operating system like Windows (2000/XP) or Linux is loaded, it is a different story. The interrupt for the keyboard (which doesn't necessarily have to be 9, since the o/s can reprogram the 8259A chip to use another int) is handled by the o/s driver and this driver decides what is going to happen when ctrl-alt-delete is pressed. It could chose to simply treat ctrl-alt-delete as any other keyboard combination and maybe define another reset combination. The BIOS is out of the loop and it is the BIOS that has defined ctrl-alt-delete to be special. Thus the o/s is free to override this.
From your post it seems that you think that in Win2K/WinXP it is still the BIOS that intercepts the ctrl-alt-delete and then somehow forwards it to the O/S. This is not the case.
There are numerous reasons why it doesn't have to work.
In DOS, any program could disable the interrupts (using for example the CLI instruction) or could reprogram that 8259A to not generate IRQ1's. Or the program could change the interrupt vector table and intercept data from the keyboard and ignore the ctrl-alt-delete event.
In modern operating systems, the BIOS is out of the loop (the IRQ generated is handled entirely within the o/s) and the o/s could simple chose to ignore the combination. Or an error in it or one of it's other drivers may have caused the keyboard handler to be overwritten or the interrupts to have been disabled (it only takes two instructions for a linux driver to crash the system so ctrl-alt-delete won't work: "cli" and "hlt", in sequence).
From a hardware point of view there's nothing special about ctrl-alt-delete. The keyboard doesn't know it's doing something special, nor does the keyboard controller, CPU, chipset etc. when encountering ctrl-alt-delete.
It's the BIOS that is given special treatment to ctrl-alt-delete. Mayn modern O/S'es have chosen to follow the convention of this key combo being something special, even though they didn't have to (as I said, the BIOS is out of the loop when such O/S'es are loaded).
However when the software responsible for handling ctrl-alt-delete is malfunctioning or the control is taken away from it, theis key-combo won't work.
This only applied to the original Apple II and II+. In the earliest versions of those machines, the reset key was the same as any other key, and very easy to hit by mistake. My old II+ has the rubber washer installed under that keycap to make the key very hard to press. In later II+ revisions they changed to requiring control-reset. All later Apple II models use control-reset.
From http://apple2history.org/history/ah06.html:
- Peter
INsigNIFICANT
Our "windows sysadmin" here at the office wants to reboot machines all the time. I have to stop him from rebooting the central server several times a day. "Greg, that server is in production...we can't reboot it". The culture of rebooting is still with the Windows world, in a big way. Scheduling your reboots is a foriegn concept.
Shutting down free speech with violence isn't fighting fascism. It IS fascism!
The Amiga had Ctrl-LAmiga-RAmiga (or Ctrl-CBM-Amiga on some keyboards) at much the same time.
You can see the video here. My apologies for the crappy news.com link.
Who's the black private dick, who's a sex machine for all the chicks?
It is true that trojans would need to get permission to run with privs, or find an exploit, but once there they can happily reroute the CSR services through themselves with the Ctrl-Alt-Delete handler none the wiser.
Clouds drift, birds fly, windows break.
This feature is properly known as a SAK - Secure Attention Key. It's an old security feature used to prevent hijacking of trusted consoles, as you said, and is implemented on many systems. The perennial place where it's needed is university computer labs, where logging in and then leaving a fake login prompt running to capture passwords is has always been considered good clean fun. (To implement it properly, one should print a "wrong password!" message, and then exit the user session completely giving the user the real login prompt)
The basic idea is that the OS traps the SAK and does something obvious (like give you a login prompt) to keep a user from running a program pretending to be the OS. Since the OS doesn't let the user handle the SAK, security is maintained.
Linux supports SAK, however it's never really been properly deployed by distributions. Part of the reason is that nobody's ever really standardized on what the SAK key should be. If SysRQ is enabled, than Alt-SysRQ-k will cause a SAK event in the kernel. Otherwise, the keyboard driver can be configured by root to use any key sequence. One key sequence I've seen used is Alt-SysRQ-PageDown, but there's really no particular standard.
When SAK is raised in linux, all programs running on the current terminal are force-killed. It's then expected that init will provide a new login prompt there.
This leads to the second problem with SAK on Linux, namely that most users run X on workstation machines. If you SAK while X is running, the kernel kill -9's X... Which trashes your video card, leaving the system in an unusable state. Which is probably not what you wanted. Some video drivers and cards in X may be stable enough that, if you're running xdm/gdm/kdm etc., it may be able to restart X and give you an X11 login prompt - but the console will still be trashed, so you won't be able to exit out of X afterwards (or eg. with ctrl-alt-f1). It used to be the case that you could store the video settings for your console and run a program (eg. restoretext etc.) to fix them, but that hasn't worked on any modern video card in years. In addition, if you just escape out of X and then fix the console, X will re-trash your console as soon as you return to it, since it only stores the console settings from when X was started, not the current settings. Hence, X and your console program get in a fight and you probably end up crashing the video card and having to pull the power plug out or something if you do this a lot.
Confusing things even more, XFree generally defines its own internal "SAK"-like key sequence, Ctrl-Alt-Backspace. This isn't actually an OS-level SAK though, it just instructs X to quit. And not surprisingly, it often doesn't work due to XFree bugs (and may be trappable by user apps).
after my suggestion he should press "control alt del" went silent for a moment, then told me he only had one hand.
The right-hand Ctrl and Alt keys are within reach of the Del key. It's a bit awkward, but it should be.
I just checked. I had my index finger on Alt, my third finger on Ctrl, my pinky on Del - and my middle finger sticking straight out. I guess that IS the right way to do it.
Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
It's not broken. You have to be an admin to change that registry key. If you are already an admin it doesn't really matter since you could do more creative things like replace the keyboard driver.
Our Win2k servers reboot themselves because of random errors all the time. At least it reboots itself, rather than sitting at a blue screen.
As for blue screens, on my desktops I have seen plenty of blue screens with Win2k/XP, but they were generally hardware or driver issues, so can't really blame Windows for that. Though there were a few unexplained blue screens, but I assumed it was hardware.
Honestly, the whole "Windows always needs reboots" thing is done and over with. It died with the last decade.
I find this to be untrue, though I'm not going to say its totally Windows fault. There is a lot of software that will start crashing and quit working properly until you reboot. Windows needs to be rebooted. Face it, this fact hasn't changed. And of course for applying patches and installing software you're always going to be asked to reboot. Not good for running a server, ok for the desktop, but still annoying.
Honestly, with Win2k, for a while, whenever someone was having a problem, I asked "did you reboot?" They of course said "no." I went and rebooted their machine and the problem was fixed. I haven't experienced this for a while. Maybe everyone's learned to reboot their machine themselves?
Thumb on alt, ring finger on control, middle finger on delete.
Ceterum censeo subscriptionem esse delendam.
Must be your distro, then. Our RedHat and Gentoo boxes work with either the left or right CTRL+ALT keys. Same with our FreeBSD and OpenBSD boxes.
I captured it to a 4.4M file with mencoder:_ 001/cnetnews.download.akamai.com/674/t080901_1130_ 1_hi.asf
mencoder -ovc copy -oac copy -o ctrlaltdel.asf -forceidx mms://a644.m.akastream.net/7/644/674/t080901_1130
(remove any spaces from the mms:// address)
You can probably transcode it to a less sucky format if you want, RTFM.
(1) C-A-D was originally intended for internal use only, but since it quickly rebooted the machine back in the DOS command line days, it was used by all the application programs as a way to quickly start them up. Put in the app diskette -- to which you had already copied DOS, hit C-A-D, and the system reboots to your application.
(2) We had previously used a 3-key sequence on the System/23 DataMaster (with an Intel 8085 micro) as an "Easter egg" to invoke a debug monitor. Doing something similar on the PC was obvious. But I doubt that many of you have ever seen a DataMaster.
(3) The video clip that's been referenced is from the 20th anniversary celebration of the PC, August 8, 2001. There was a panel discussion with Dave Bradley (me, IBM), Dan Bricklin (VisiCalc), David Bunnell (PC Magazine), Rod Canion (Compaq), Bill Gates (MS), Andy Grove (Intel), Mitch Kapor (1-2-3) and Ray Ozzie (Notes). I was first -- alphabetically, if not financially -- and was asked about C-A-D. I had captured the clip from CNET.com shortly after the event. I supplied it to TechTV when I was interviewed by them on ScreenSavers, and they cut it in length -- while retaining the Bill Gates reaction shot. Microsoft used to have a transcript of the session on their site, but it's no longer there. There is a funny segment later on in which Bill Gates acknowledges that he's the author of Donkey.
(4) The entire development cycle of the IBM PC was from Sept 1980 to April 1981, when we released to manufacturing. About 7 months at a time when 3 years was the norm. So lots of things happened quickly -- and C-A-D was just one of them. Much of the PC design is inherited from the DataMaster.
(5) The original C-A-D was intended to be a two hand operation -- remember, the key layout for the original PC does not resemble current keyboards. We did provide a DOS Terminate and Stay Resident program that made the shift keys "sticky" so that the physically challenged could activate the keys one at a time.
Any other questions?