Gentoo Archives: gentoo-releng

From: Pieter Van den Abeele <pvdabeel@g.o>
To: gentoo-releng@l.g.o
Cc: base-system@g.o, Brad House <brad_mssw@g.o>
Subject: Re: [gentoo-releng] Re: baselayout changes for livecds
Date: Sat, 17 Jan 2004 17:34:29
In Reply to: Re: [gentoo-releng] Re: baselayout changes for livecds by Brad House
I don't care so much about this security issue because assuming that 
you are using a function in a scope shared by the rc scripts and 
haven't hard coded the way to read such arguments in every rc-script, 
it would be trivial to add  some security measures later on.

However from a alternative platform/architecture point of view I have 
to note that at least a kernel dependent strategy might be needed here. 
I wonder whether kernels such as for instance the hurd pass arguments 
the same way as a linux kernel and whether newer linux kernel releases 
might not change this process, thus requiring different rc scripts for 
each kernel while only a different runtime strategy is needed. 
Currently not an urgent issue, but we'll have to take this into 


On 17 Jan 2004, at 18:06, Brad House wrote:

> no, the rcscripts must now parse the kernel commandline opts > to get a few options. There's really not many other ways to > do it. Besides you just proved by your statement that someone > could instead pass init=/bin/sh and override any sort of > init process, so trying to make the 'cdroot' option secure > is obsurd, as there's 10 million other ways to get in if you > have direct access to the computer. > > -Brad
-- gentoo-releng@g.o mailing list