Re: Why is there a prompt for a root shell when the default linux kernel boots?
Use the source, Luke.
/usr/share/initrd-tools/linuxrc is:
> #!/bin/sh
> #
> # $Id: linuxrc,v 1.3 2002/01/25 12:46:20 herbert Exp $
>
> PATH=/sbin:/bin
>
> . /linuxrc.conf
>
> if [ $DELAY -gt 0 ]; then
> echo "Waiting for $DELAY seconds, press ENTER to obtain a
> shell."
>
> trap "timeout=yes" USR1
> timeout=
> { sleep $DELAY; kill -USR1 $$ 2> /dev/null; }&
> pid=$!
> read line
> trap "" USR1
> kill $pid
> wait
>
> [ $timeout ] || exec sh
> fi
>
> . /loadmodules
> . /script
>
> for i in /scripts/*; do
> [ -f "$i" ] || continue
> case "$i" in
> *.sh)
> (. $i)
> ;;
> *)
> $i
> ;;
> esac
> done
This gets installed into the initrd as /linuxrc, which is executed
by the kernel automatically.
So the advice of setting DELAY=0 in /etc/mkinitrd/mkinitrd.conf
is correct (that parameter is transferred to /linuxrc.conf).
Documentation is in mkinitrd.conf(5).
I think the question is if the default should be 0 or not.
A nonzero default serves people fiddling with the kernel and
it's initrd, but is useless for other people. And indeed it
is a security risk if the machine is physically accessible.
My opinion is that it would be best to set DELAY to 0 in
the mkinitrd.conf delivered in initrd-tools package. Initrds
delivered with the kernel-image packages would then prevent
this hole. Abybody fiddling with initrd would probably do
his own initrds and could change DELAY.
Lupe Christoph
--
| lupe@lupe-christoph.de | http://free.prohosting.com/~lupe |
| I have challenged the entire ISO-9000 quality assurance team to a |
| Bat-Leth contest on the holodeck. They will not concern us again. |
| http://public.logica.com/~stepneys/joke/klingon.htm |
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: