--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: initramfs-tools: Option to disable fallback to shell on panic
- From: Lionel Elie Mamane <lionel@mamane.lu>
- Date: Sun, 16 Jul 2006 15:32:37 +0200
- Message-id: <20060716133237.GA32205@capsaicin.mamane.lu>
Package: initramfs-tools
Severity: wishlist
Tags: patch
Here is a patch that adds a new configuration variable "PANIC_SHELL"
that, when set to no (not the default), disables the fallback to a
shell on panic. (Instead it makes init exit, and thus generates a
kernel panic.)
This is meant to be one link in a chain to secure a system as much as
convenient:
- Configure the BIOS to boot only from the hard drive
- Configure the boot loader not to let the user change boot
parameters
- This step: The boot process does not give a root shell to the
user, ever.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-amd64-k8-smp
Locale: LANG=fr_LU.UTF-8, LC_CTYPE=fr_LU.UTF-8 (charmap=UTF-8)
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/conf/initramfs.conf /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/conf/initramfs.conf
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/conf/initramfs.conf 2006-07-07 10:15:42.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/conf/initramfs.conf 2006-07-16 14:30:43.000000000 +0200
@@ -45,3 +45,10 @@
NFSROOT=auto
+#
+# PANIC_SHELL: [ yes | no ]
+# Should init give the user a shell on panic?
+#
+
+PANIC_SHELL=yes
+
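Review bot: The comment block above `PANIC_SHELL=yes` lists the accepted values but does not say what `no` actually does. Per the report, `no` makes init exit and the kernel panic, so a failed boot leaves no console to recover from; that consequence belongs in this comment. It would also help to state that only the exact lowercase string `no` disables the shell, since the test in scripts/functions is `!= no`.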
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/debian/changelog /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/debian/changelog
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/debian/changelog 2006-07-14 00:31:39.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/debian/changelog 2006-07-16 14:36:14.000000000 +0200
@@ -1,3 +1,9 @@
+initramfs-tools (0.69b.0) unstable; urgency=low
+
+ * Created an option to disable shell invocation on panic.
+
+ -- Lionel Elie Mamane <lmamane@debian.org> Sun, 16 Jul 2006 14:32:51 +0200
+
initramfs-tools (0.69b) unstable; urgency=high
* debian/initramfs-tools.preinst: Don't depend upon shipped directories
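Review bot: The new entry at the top of debian/changelog names neither the variable nor the files touched, unlike the 0.69b entry below it, which leads with the file (`debian/initramfs-tools.preinst:`). Suggest wording along the lines of `conf/initramfs.conf, scripts/functions: Add PANIC_SHELL option to disable the shell on panic`, plus a closes reference once the bug number is known.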
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/scripts/functions /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/scripts/functions
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/scripts/functions 2006-07-02 19:05:12.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/scripts/functions 2006-07-16 14:27:33.000000000 +0200
@@ -59,10 +59,15 @@
if [ -x /sbin/usplash_write ]; then
/sbin/usplash_write "QUIT"
fi
- modprobe -q i8042
- modprobe -q atkbd
- echo $@
- PS1='(initramfs) ' /bin/sh </dev/console >/dev/console 2>&1
+ if [ "${PANIC_SHELL}" != no ]; then
+ modprobe -q i8042
+ modprobe -q atkbd
+ echo $@
+ PS1='(initramfs) ' /bin/sh </dev/console >/dev/console 2>&1
+ else
+ echo $@
+ exit 0
+ fi
}
maybe_break()
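Review bot: The `else` branch relies on `exit 0` to bring init down, which only works when this function runs in init's own shell process. If it is ever reached from a subshell or from a script run as a separate process, `exit` ends only that process and the boot carries on past the failure, so a path that does not depend on the caller (halting or rebooting directly) would be more robust, and a non-zero status would suit a failure path better than 0. Separately, `[ "${PANIC_SHELL}" != no ]` fails open: an unset variable, a typo, or `No`/`NO` all still give the root shell, so for a hardening switch it is safer to normalise the value or accept several spellings. `echo $@` is carried over unquoted into both branches; `echo "$@"` avoids word splitting and globbing of the message.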
--- End Message ---
--- Begin Message ---
Source: initramfs-tools
Source-Version: 0.75
We believe that the bug you reported is fixed in the latest version of
initramfs-tools, which is due to be installed in the Debian FTP archive:
initramfs-tools_0.75.dsc
to pool/main/i/initramfs-tools/initramfs-tools_0.75.dsc
initramfs-tools_0.75.tar.gz
to pool/main/i/initramfs-tools/initramfs-tools_0.75.tar.gz
initramfs-tools_0.75_all.deb
to pool/main/i/initramfs-tools/initramfs-tools_0.75_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 378455@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
maximilian attems <maks@sternwelten.at> (supplier of updated initramfs-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 18 Aug 2006 15:35:09 +0200
Source: initramfs-tools
Binary: initramfs-tools
Architecture: source all
Version: 0.75
Distribution: unstable
Urgency: high
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: maximilian attems <maks@sternwelten.at>
Description:
initramfs-tools - tools for generating an initramfs
Closes: 378455 383486
Changes:
initramfs-tools (0.75) unstable; urgency=high
.
* hook-functions: Add megaraid_sas to the scsi list. Thanks Kenshi Muto
<kmuto@debian.org>.
.
* init: Parse for "panic=<timeout>" bootarg.
.
* hook-functions: Immediately call reboot in the panic function if panic=0
to disallow any console access for secured boxes. (closes: 378455)
.
* debian/TODO: Update to current state
.
* update-initramfs: do_bootloader can be set mixed case or upper case.
Catch the obvious Yes and YES too.
.
* hook-functions: Really include DAC960 driver. Thanks Tim Small
<tim@buttersideup.com>. (closes: 383486) 2 module fixes thus urgency high.
Files:
adc42bb5b99b665afe6b597439021704 623 utils optional initramfs-tools_0.75.dsc
35c44a9a044772776d3bfbc52d41bbc0 46829 utils optional initramfs-tools_0.75.tar.gz
3eafb6fe70da6030f5d048015645a5b8 52158 utils optional initramfs-tools_0.75_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE5dab6n7So0GVSSARAtphAJ9ONv0sdg5mSWWSS8fqAs+omargkwCfbE+u
X2+9EGmwwyrR5G2GOE169UI=
=d5t/
-----END PGP SIGNATURE-----
--- End Message ---
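An added example, not part of the bug report or of initramfs-tools: a small POSIX shell audit helper that classifies a kernel command line by the rule stated in the 0.75 changelog above (`panic=0` makes the panic function reboot instead of offering a console). The function names, the `locked`/`shell-possible` labels and the last-occurrence-wins handling of repeated `panic=` arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit a kernel command line for the panic=0 lock-down
# described in the initramfs-tools 0.75 changelog. Not the project's code.

# panic_value CMDLINE
# Prints the value of the last panic= argument, or an empty line if none.
# Runs in a subshell with globbing off so a literal '*' on the command
# line is never expanded against the current directory.
panic_value() (
    set -f
    val=""
    for arg in $1; do
        case "$arg" in
            # Whole-word match: kernel.panic=0 or nopanic=0 do not count.
            panic=*) val=${arg#panic=} ;;
        esac
    done
    printf '%s\n' "$val"
)

# console_policy CMDLINE
# Prints "locked" when the changelog rule applies (panic=0), otherwise
# "shell-possible". Assumption: a repeated panic= is decided by the last one.
console_policy() {
    case "$(panic_value "$1")" in
        0) echo locked ;;
        *) echo shell-possible ;;
    esac
}

# When run on a Linux host, report on the running kernel's command line.
if [ -r /proc/cmdline ]; then
    echo "running kernel: $(console_policy "$(cat /proc/cmdline)")"
fi
```

A `locked` result only reflects the boot argument; it says nothing about whether the boot loader lets a local user edit that argument, which is the earlier link in the chain the report lists.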