[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Removing bash (Was: /etc/init.d/network is too simple?)



* Michael Stone said:

> > This change won't affect performance, nor weaken security as you imply
> > below.
> 
> Adding a toor account does add a new security issue, which I said
> straight out rather than leaving it to implication. (Whether it's a big
> one depends on other factors, but it's not without impact.) The toor
> account was one of the policy options you suggested.
Oh, yes, but I enumbered it just for the record - while it is a solution
that works, I don't like it very much for the reason you mentioned.

> > Well, take a look at the 2) above. It doesn't add any user, it merely
> > changes one startup script and adds one package to the set of base ones.
> 
> Adding a new package to base isn't something that should be done
> lightly. And making sash the default single-user shell changes the
> behavior of single-user mode unexpectedly (people do use single for
> things besides disaster recovery, and this kind of change would not go
> unnoticed.) And if you can boot far enough to get into single, sash
> isn't likely to help you that much--init needs shared libs, as does
> sulogin--so what has it bought you?
Well, true, init is also linked dynamically and if it doesn't work, then I'm
cooked anyway. But the problem I had was that init worked, dynamic library
loading also worked, but bash - the default shell of everyone on the machine
including root - didn't work! If I had sash as a single mode shell BY
DEFAULT then I would simply boot into single mode, and did all the fixing
needed to boot normally. But, since I didn't have sash installed at all
(fact is, I didn't even know about it - my fault...) I had to go to another
machine copy the appropriately linked bash to a diskette, boot from the
rescue disk and install the new bash just to be able to get shell prompt in
SINGLE mode. That preparation took me 15 minutes, then what I had to do in
single mode took another 15 minutes. For half an hour a production system
was off-line, while it could've been 15 minutes at most. The accident I'm
describing is a marginal one, of course, but nevertheless it happened - and
that's a reason for me to be concerned about something like this happening
in the future. That was also the reason why I wrote my original message.

greetings,
  marek

Attachment: pgpa3MWyPb2og.pgp
Description: PGP signature


Reply to: