Re: Bug#504043: initramfs: bail to shell on error: insecure default
Mario 'BitKoenig' Holbe wrote:
> Package: initramfs-tools
> Version: 0.92l
> initrams created by initramfs-tools default to opening shell access to
> the system on errors. This is an insecure default. Errors can be induced
> on otherwise secured systems in many ways, like plugging in USB sticks,
> eSATA devices, entering wrong passphrases, or whatever.
> The rest of the system tries to ensure not to give away unauthorized
> (root) shells by asking for passwords when entering maintenance or
> single user mode, etc.
> I know that initrams can be tweaked not to bail to a shell as a
> side-effect of setting the panic= kernel parameter. However, users have
> to explicitly choose this secure way. A cleaner approach w.r.t. secure
> defaults, IMHO, would be to let users choose the insecure way by
> setting a `bailtoshell' parameter or something like that (probably at
> the kernel commandline to allow emergency intervention).
> I'm not sure about the severity of this bug report, so I leave that up
> to you.
When this happens no service is running, that can enable remote login on the
If someone has physical access to the system the described procedure (live
usb/cd/dvd) could not be prevented.
I therefore prefer encrypting everything, including the root fs too.
My last experience with initramfs and 2.6.26-1 impressed me; I don't see
such a problem with it. The initrd was created with the dm-crypt module and the
boot process (/init script) asked for the password.
The only problem I see is when you have more than one encrypted root
attached. It always takes the first one.