Bug#378455: initramfs-tools: Option to disable fallback to shell on panic

[maximilian attems <maks@sternwelten.at>]

tags 378455 -patch
severity 378455 important
retitle 378455 ignores panic=<timeout> bootparam
thanks not yet ready

On Sun, Jul 16, 2006 at 03:32:37PM +0200, Lionel Elie Mamane wrote:
> 
> Here is a patch that adds a new configuration variable "PANIC_SHELL"
> that, when set to no (not the default), disables the fallback to a
> shell on panic. (Instead it makes init exit, and thus generates a
> kernel panic.)

indeed that is a long standing issue i have in mind.
although there is a kernel param for that: panic=<timeout>

we shouldn't ignore it but reboot in such cases after the timeout
has elapsed. very usefull for remote boxes!

 
> This is meant to be one link in a chain to secure a system as much as
> convenient:
> 
>  - Configure the BIOS to boot only from the hard drive
>  - Configure the boot loader not to let the user change boot
>    parameters

agreed.

>  - This step: The boot process does not give a root shell to the
>    user, ever.

once you have done aboves step user wont land into busybox shell.
the boot param "panic=0" should give you that security.
once properly implemented.

regards

-- 
maks