Gentoo Archives: gentoo-releng

From: Pieter Van den Abeele <pvdabeel@g.o>
To: gentoo-releng@l.g.o
Cc: base-system@g.o, Brad House <brad_mssw@g.o>
Subject: Re: [gentoo-releng] Re: baselayout changes for livecds
Date: Sat, 17 Jan 2004 16:51:18
In Reply to: Re: [gentoo-releng] Re: baselayout changes for livecds by Brad House

I think what Paul means is that when a bootloader isn't password 
protected, a malign user could pass 'cdroot' to the kernel and exploit 
some of the things this triggers in the rc scripts (autologin?) if 
those scripts directly parse the arguments passed to the kernel.

The style of exploit is quite similar to passing:

init=/home/hacker/ or init=/bin/sh

to the kernel on a system one has direct access to and whose bootloader 
isn't pass-protected. This issue is relevant for computers from 
computer rooms used for teaching/exams...

But if I'm not mistaken the rc-scripts themselves do not 'parse kernel 
output', it's the linuxrc which parses the kernel arguments, and 
exports cdboot to the env, right? So there should be no security issues 
for systems which don't have an initrd and thus no linuxrc.


On 17 Jan 2004, at 17:28, Brad House wrote:

> don't have a clue what you mean by this statement
> It is only applicable if you pass cdroot to your kernel.
> If you're using a genkernel compiled kernel, that will
> cause your system to not boot unless you're booting off a
> cd. And for advanced users who actually build their own
> kernel, I think they'd be brighter than to try to do autologin
> stuff by passing cdroot to the kernel.
>
> Sorry, linux is not idiot-proof. This is a NON-ISSUE.
>
> -Brad
>
>> Will there be a way to keep these off of hd installs. I don't think
>> that this kind of functionality is good on hd installs. It makes it
>> too easy to create an insecure system
>
> --
> gentoo-releng@g.o mailing list
-- gentoo-releng@g.o mailing list
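
The message above turns on how boot scripts read the kernel command line. The following is an added example, not code from baselayout, genkernel or anyone in the thread: a defender's check that flags the parameters named in the thread (`cdroot`, `init=`) by whole-token match, shown beside the substring match it replaces. Function names are hypothetical and the sample command lines in the comments are constructed.

```sh
#!/bin/sh
# Added example, not code from baselayout, genkernel or the thread.
# Function names are hypothetical; sample command lines are constructed.

# Weak form: substring match. Also fires on root=/dev/cdroot or nocdroot.
naive_has_cdroot() {
    case "$1" in
        *cdroot*) return 0 ;;
        *) return 1 ;;
    esac
}

# Stricter form: NAME must be a whole whitespace-separated token, either
# bare (NAME) or with a value (NAME=...). Runs in a subshell so that
# `set -f` (no glob expansion during word splitting) does not leak out.
# Quoted values containing spaces are not handled.
has_boot_param() (
    set -f
    for tok in $1; do
        case "$tok" in
            "$2"|"$2"=*) exit 0 ;;
        esac
    done
    exit 1
)

# Print the tokens from a command line that match the parameters named in
# the thread (cdroot, init=), in order of appearance, space-separated.
flag_boot_params() (
    set -f
    hits=""
    for tok in $1; do
        case "$tok" in
            cdroot|cdroot=*|init=*) hits="$hits $tok" ;;
        esac
    done
    printf '%s\n' "${hits# }"
)

# Usage on a running system: flag_boot_params "$(cat /proc/cmdline)"
```
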

