I think what Paul means is that when a bootloader isn't password
protected, a malign user could pass 'cdroot' to the kernel and exploit
some of the things this triggers in the rc scripts (autologin?) if
those scripts directly parse the arguments passed to the kernel.

The style of exploit is quite similar to passing:

init=/home/hacker/exploit.sh or init=/bin/sh

to the kernel on a system one has direct access to and whose bootloader
isn't pass-protected. This issue is relevant for computers from
computer rooms used for teaching/exams...

But if I'm not mistaken the rc-scripts themselves do not 'parse kernel
output', it's the linuxrc which parses the kernel arguments, and
exports cdboot to the env, right? So there should be no security issues
for systems which don't have an initrd and thus no linuxrc.

Pieter

On 17 Jan 2004, at 17:28, Brad House wrote:

> don't have a clue what you mean by this statement
> It is only applicable if you pass cdroot to your kernel.
> If you're using a genkernel compiled kernel, that will
> cause your system to not boot unless you're booting off a
> cd. And for advanced users who actually build their own
> kernel, I think they'd be brighter than to try to do autologin
> stuff by passing cdroot to the kernel.
>
> Sorry, linux is not idiot-proof. This is a NON-ISSUE.
>
> -Brad
>
>
>> Will there be a way to keep these off of hd installs? I don't think
>> that this kind of functionality is good on hd installs. It makes it
>> too easy to create an insecure system
>
>
> --
> gentoo-releng@g.o mailing list
47 |
|
48 |
|
49 |
-- |
50 |
gentoo-releng@g.o mailing list |