The magic SysRq key (and friends)

The SysRq magic key is often used in Linux operating systems as a way to prevent login spoofing (more on this later on), but it can be used for a lot more.
The idea is that the special combination ALT + SysRq can be used to trigger events that the kernel can understand. As an example, press simultaneously ALT + SysRq + s and in dmesg output you will see 

[685475.589183] sysrq: SysRq : Emergency Sync
[685475.591892] Emergency Sync complete


The kernel has catched the s (for sync) event and has performed an immediate file system sync. There are a lot more of combinations available, most notably:
  • b for an immediate boot (not crash safe!);
  • e and i for terminating and killing all processes (except init);
  • s for syncing the filesystems;
  • u for remounting all filesystems in read-only mode.
For a more complete list of sequences, please see the wikipedia page on SysRq.
If you need to safely reboot a machine, the sequence is a combination of all the keys as follows (you can specify more letters while handling the magic key): 
ALT + SysRq + r e i s u b
that will sync filesystem, terminate (hopefully in a correct way) all processes, remount filesystem in read only and reboot the machine so that no crash recovery will be required.

To Control or not to control?

The Linux SysRq is activated by the combination ALT + SysRq. On some Linux distribution you could need a more complicated sequence like CTRL + ALT + SysRq.
Apparently, using the longest CTRL + ALT + SysRq always work, so you can use this is a mnemonic for pretty much all the distributions.

Prevent Login Spoofing

Have you ever tried to login on a Windows NT (or higher) machine? You need to hit CTRL + ALT + canc. Thise sequence plays the same role as the magic SysRq and instruments the kernel to kill every other process before starting the login prompt. This makes the user sure the login manager is actually the only thing it is running on the system.
This is known as Secure Attention Key (SAK).
Linux desktop can offer the same with ALT + SysRq + k.

What about FreeBSD?

FreeBSD does not provide a SysRq sequence, but allows you to enter the kernel debugger from which you can trigger a reboot. The procedure is a lot more complicated than the Linux one, but can be triggered via CTRL + ALT + ESC or a sysctl as explained in the handbook. However, you need a kernel compiled with the debugger support, that in many cases is not the production kernel.

There are of course some special key combinations, that if used from the console can help the admin to get control, with particular regard to CTRL + ALT + DEL for an immediate (normal) reboot.

The article The magic SysRq key (and friends) has been posted by Luca Ferrari on September 1, 2020

Tags: linux , windows