List Archive: gentoo-releng
Headers:
To: "Martin Schlemmer" <azarah@g.o>
From: "Brad House" <brad_mssw@g.o>
Subject: Re: Re: baselayout changes for livecds
Date: Sat, 17 Jan 2004 15:57:59 -0500 (EST)
Well, I hate to tell you, but 99% of the patch deals with stuff
not related to the kernel reading cdroot off the command
line.  Also, CDBOOT was being put to the end of the rc.conf already,
but it did not appear to work, and we are using the cdroot command
line already specific to genkernel's initrd, so it was a non-wasteful
way to implement it.

I don't have time to argue on this stuff.  The patch is sane,
it needs to be committed, yes there are other ways to do it,
but unless you have another option real soon,
that is tested and works, we're going to need something
in baselayout.

Azarah, did you not get my patches? Have you looked at them?

-Brad

> On Sat, 2004-01-17 at 20:29, Paul de Vrieze wrote:
>> On Saturday 17 January 2004 18:06, Brad House wrote:
>> > no, the rcscripts must now parse the kernel commandline opts
>> > to get a few options. There's really not many other ways to
>> > do it.  Besides you just proved by your statement that someone
>> > could instead pass init=/bin/sh and override any sort of
>> > init process, so trying to make the 'cdroot' option secure
>> > is absurd, as there's 10 million other ways to get in if you
>> > have direct access to the computer.
>>
>> The big difference is that init=/bin/sh does not give you a normal
>> working system, cdboot however could be abused to get a normal
>> functioning passwordless console. That would allow incapable system
>> admins to decide to do this, or even tell others to do it (the latter
>> I want to prevent).
>>
>
> I _did_ say it already, but you apparently did not want to listen - the
> kernel opts is not needed, as there is no need to be dynamic.  It's
> either a livecd or not.  And as Paul did mention, it might be open for
> exploit, although 'init=/bin/bash' will work as well.
>
> The baselayout ebuild will be modified to do changes if USE=livecd, as
> it is sane, and I imagine some other things will need special livecd
> tweaking as well.  Meaning, if USE=livecd, pkg_postinst() will
> 'echo CDBOOT=1 >> ${ROOT}/etc/rc.conf', and do whatever else.
>
>
> Thanks,
>
> --
>
> Martin Schlemmer
> Gentoo Linux Developer, Desktop/System Team Developer
> Cape Town, South Africa
>
>
>


--
gentoo-releng@g.o mailing list
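
The trade-off argued in this thread, as an added example that is not part of the original messages and is not baselayout's code: the same boot-prompt input evaluated under a command-line-only check, the install-time CDBOOT=1 flag, and a combined check. The function names, the "both" policy and the handling of a cdroot=value form are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not baselayout's code. Function names and policy labels are hypothetical.

# True if kernel command line $2 contains option $1, bare or as $1=value.
has_cmdline_opt() {
    case " $2 " in
        *" $1 "*|*" $1="*) return 0 ;;
    esac
    return 1
}

# True if rc.conf-style file $1 ends up with CDBOOT=1 (last assignment wins).
rc_conf_cdboot() {
    val=$(sed -n 's/^[[:space:]]*CDBOOT="\{0,1\}\([^"#[:space:]]*\).*/\1/p' "$1" 2>/dev/null | tail -n 1)
    [ "$val" = "1" ]
}

# livecd_mode POLICY CMDLINE RCCONF: prints yes or no.
#   cmdline - trust the boot prompt alone (the case Paul objects to)
#   build   - trust only the flag written at install time (Martin's proposal)
#   both    - boot option honoured only on an image built as a live CD (added here)
livecd_mode() {
    case "$1" in
        cmdline) if has_cmdline_opt cdroot "$2"; then echo yes; else echo no; fi ;;
        build)   if rc_conf_cdboot "$3"; then echo yes; else echo no; fi ;;
        both)    if rc_conf_cdboot "$3" && has_cmdline_opt cdroot "$2"; then echo yes; else echo no; fi ;;
        *)       echo "unknown policy: $1" >&2; return 2 ;;
    esac
}

# Constructed sample input: an installed system's rc.conf and a live CD's.
demo() {
    dir=$(mktemp -d)
    printf 'KEYMAP="us"\n' > "$dir/installed.conf"
    printf 'KEYMAP="us"\nCDBOOT=1\n' > "$dir/livecd.conf"
    typed="root=/dev/hda3 cdroot"          # cdroot added at the boot prompt
    for policy in cmdline build both; do
        echo "$policy: installed=$(livecd_mode "$policy" "$typed" "$dir/installed.conf")" \
             "livecd=$(livecd_mode "$policy" "$typed" "$dir/livecd.conf")"
    done
    rm -rf "$dir"
}
demo
```

Only the cmdline policy reports live-CD mode on the installed system's rc.conf; the other two require the flag that was written when the image was built.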

Updated Jun 17, 2009
