New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[CCE-28301-0] sleep_restart_shutdown_buttons #3

Closed
macosforgebot opened this Issue May 29, 2013 · 4 comments

Comments

@macosforgebot
Copy link

macosforgebot commented May 29, 2013

@DewSecGitHub originally submitted this as ticket:2

  • Version: Beta
  • Keywords: Settings, Review

[CCE-28301-0] sleep_restart_shutdown_buttons

CCE#: CCE-28301-0
Setting Name: sleep_restart_shutdown_buttons
Description:
Hide or display the sleep, restart, and shutdown buttons, as a group, in the login window.

Parameters: N / A
Technical Mechanism: In loginwindow.plist, set the PowerOffDisabled key = true to hide the buttons. If the key does not exist, buttons are displayed.

Reference: N / A

Function: Authentication

Rationale: The SOHO profile profile places more system management burdens on users.


SOHO: display the buttons
Enterprise: hide the buttons
SSLF: hide the buttons


Additional Mechanism: N / A


OVAL Content: N / A


Comment:

@macosforgebot

This comment has been minimized.

Copy link

macosforgebot commented May 29, 2013

@DewSecGitHub originally submitted this as comment:1:⁠ticket:2

  • Status changed from new to accepted
@macosforgebot

This comment has been minimized.

Copy link

macosforgebot commented Jun 3, 2013

dubs@… originally submitted this as comment:2:⁠ticket:2


Is this actually a security setting? If someone can walk up to the computer, they can just shut it off by holding the power key down.

@macosforgebot

This comment has been minimized.

Copy link

macosforgebot commented Jun 6, 2013

plink53@… originally submitted this as comment:3:⁠ticket:2


Replying to dubs@…:

Is this actually a security setting? If someone can walk up to the computer, they can just shut it off by holding the power key down.

I couldn't easily find a NIST 800-53 security control for this but this is an accessibility setting, restricting easy access to the mentioned functions. Yes, you can always shut down the computer if you have access to the power button but this shuts down everything instead of giving someone the ability to restart the computer. Shutting it down and starting it up could do the same thing but not always. Government IT managers want to limit the easy methods of shutting down and restarting to keep honest people honest. Of course an attacker could simply unplug the computer to shut it down.

@macosforgebot

This comment has been minimized.

Copy link

macosforgebot commented Aug 6, 2014

blank@… originally submitted this as comment:5:⁠ticket:2

  • Status changed from accepted to closed
  • Resolution set to R8 - Completed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment