Re: Security implications of allowing init to re-exec from another path

To: debian-security@lists.debian.org
Subject: Re: Security implications of allowing init to re-exec from another path
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu, 5 Jan 2006 09:54:59 -0200
Message-id: <[🔎] 20060105115459.GB10447@khazad-dum.debian.net>
In-reply-to: <[🔎] 43BBE787.1020003@yahoo.co.uk>
References: <[🔎] 43BBE787.1020003@yahoo.co.uk>

On Wed, 04 Jan 2006, Thomas Hood wrote:
> In #345741 the submitter has requested that /sbin/init be enhanced
> such that it can be re-executed from another path.  The idea is that
> "telinit -e INIT_PROG=/path/to/other/init" could be done prior to
> "telinit u".
> 
> Reasons for introducing this feature are given in the discussion of
> #345741.
> 
> Obviously not just anyone can do "telinit -e".  So it sounds safe.
> 
> Nevertheless the sysvinit maintainers thought it would be a good idea
> to ask here whether anyone sees any security problems arising from
> this feature.

Just to make the question a bit more clear for those not reading the bug
report, the real question is, are we causing problems for people who run /
read-only (imagine read-only media) and their security expectations?

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: Security implications of allowing init to re-exec from another path
  - From: Michael Stone <mstone@debian.org>

References:
- Security implications of allowing init to re-exec from another path
  - From: Thomas Hood <jdthood@yahoo.co.uk>

Prev by Date: Re: Security implications of allowing init to re-exec from another path
Next by Date: unsubscribe
Previous by thread: Re: Security implications of allowing init to re-exec from another path
Next by thread: Re: Security implications of allowing init to re-exec from another path
Index(es):
- Date
- Thread