[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#751488: initramfs-tools: Shell spawned despite panic=0

Package: initramfs-tools
Version: 0.109.1
Severity: critical
Tags: patch


I've set panic=0 as a kernel cmdline argument which should trigger a
reboot instead of spawning a shell. However, the reboot seems to be
uneffective and a shell is spawned nevertheless. This is unpleasing
since spawn=0 is "marketed" as a security feature in

    panic sets an timeout on panic.  panic=<sec> is a documented
    security feature: it disables the debug shell.

Output on screen:

    Loading, please wait ...
    Spawning shell within the initramfs
    Rebooting automatically due to panic= boot argument

    BusyBox v1.20.2 (Debian 1:1.20.0-7) built-in shell (ash)
    Enter 'help' for a list of built-in commands.

    /bin/sh: can't access tty; job control turned off
    (initramfs) _

The commands halt, reboot, etc. don't work either.

To fix the security impact of an open shell I propose to at least add a
return after the reboot command so that if the reboot is effectively a
NOP still no shell is spawned.

    diff --git a/scripts/functions b/scripts/functions
    index 5352f1d..de64494 100644
    --- a/scripts/functions
    +++ b/scripts/functions
    @@ -43,6 +43,7 @@ panic()
                    echo "Rebooting automatically due to panic= boot argument"
                    sleep ${panic}
    +               return
            modprobe -v i8042 || true
            modprobe -v atkbd || true



Reply to: