Bug#378455: initramfs-tools: Option to disable fallback to shell on panic
tags 378455 -patch
severity 378455 important
retitle 378455 ignores panic=<timeout> bootparam
thanks not yet ready
On Sun, Jul 16, 2006 at 03:32:37PM +0200, Lionel Elie Mamane wrote:
>
> Here is a patch that adds a new configuration variable "PANIC_SHELL"
> that, when set to no (not the default), disables the fallback to a
> shell on panic. (Instead it makes init exit, and thus generates a
> kernel panic.)
indeed that is a long standing issue i have in mind.
although there is a kernel param for that: panic=<timeout>
we shouldn't ignore it but reboot in such cases after the timeout
has elapsed. very usefull for remote boxes!
> This is meant to be one link in a chain to secure a system as much as
> convenient:
>
> - Configure the BIOS to boot only from the hard drive
> - Configure the boot loader not to let the user change boot
> parameters
agreed.
> - This step: The boot process does not give a root shell to the
> user, ever.
once you have done aboves step user wont land into busybox shell.
the boot param "panic=0" should give you that security.
once properly implemented.
regards
--
maks
Reply to: