SCIENTIFIC-LINUX-USERS Archives

January 2012

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Sergio Ballestrero <[log in to unmask]>
Reply To: Sergio Ballestrero <[log in to unmask]>
Date: Tue, 31 Jan 2012 21:50:46 +0100
On 31 Jan 2012, at 16:59, Yasha Karant wrote:
> On 01/30/2012 11:28 PM, Sergio Ballestrero wrote:
>> For the next time (because there's always one ;-) ), you can use
>> init=/bin/bash
>> as a boot option, it will completely skip the standard init and therefore the root password request.
> I do not like the idea of having an automatic root backdoor for security reasons (a university, in a department of computer science and engineering, with some bright CS, CE, and Physics majors -- some of whom do not accept in practice the ethics we attempt to instill).  I have used and will continue to use the toor kludge as an alternative to root for situations in which the root home directory, etc., is corrupt -- but toor also is defended, not open.

The init= "backdoor" is there in the kernel, whether you like having it or not (unless you patch it away):
http://lxr.free-electrons.com/source/init/main.c#L757
So, as Niko was saying, you must have a GRUB password anyway on any system that you care a bit about; it's the only defence.
And, I would add, BIOS settings password. And a big locked cage around it, etc etc ;-)

Cheers,
  Sergio

-- 
 Sergio Ballestrero  - http://physics.uj.ac.za/psiwiki/Ballestrero
 University of Johannesburg, Physics Department
 ATLAS TDAQ sysadmin group 
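
The GRUB password check the message calls for, as an added example that is not part of the original post: a shell function that audits a GRUB legacy `grub.conf` for a global `password` directive. The function names, the sample config and its placeholder hash are constructed for illustration, and `--encrypted` is assumed to be the hashed form accepted by Red Hat-derived GRUB legacy builds.

```shell
#!/bin/sh
# Added example (not from the original thread): audit a GRUB legacy config
# (grub.conf / menu.lst) for the boot-loader password that blocks editing of
# kernel parameters such as init= at the boot menu.
# Prints one finding per line; returns 0 only when nothing is flagged.
audit_grub_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    # Only the global section (before the first "title") counts: a password
    # inside one title stanza does not protect the other entries.
    verdict=$(awk '
        $1 == "title" { exit }
        $1 == "password" {
            if ($2 == "--md5" || $2 == "--encrypted") print "hashed"
            else print "plaintext"
            exit
        }' "$conf")
    rc=0
    case $verdict in
        hashed)    echo "OK global password set (hashed)" ;;
        plaintext) echo "WEAK global password stored in plaintext"; rc=1 ;;
        *)         echo "FAIL no global password, boot entries can be edited"; rc=1 ;;
    esac
    # The file holds the hash (or the password itself): flag group/world read.
    if [ -n "$(find "$conf" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]; then
        echo "WEAK $conf is readable by group or others"; rc=1
    fi
    return $rc
}

# Constructed sample config (the hash is a placeholder, not a real one).
write_sample() {
    cat > "$1" <<'EOF'
default=0
timeout=5
password --md5 $1$CONSTRUCTED$PLACEHOLDERxxxxxxxxxxxx
title Scientific Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda1
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_grub_conf "$sample"
rm -f "$sample"
```

On a real system the function would be pointed at the boot loader's own config file and run as root, since a correctly protected file is not readable by other users.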
