Re: patch for 2.1.84: configurable execute_program--testers needed

Trevor Johnson (trevor@jpj.net)
Sun, 1 Feb 1998 07:11:32 -0500 (EST)


> > This patch does not rely on security through obscurity; it simply makes it
> > possible for the user to configure out a seldom-used feature of the
> > kernel.
> Right... you can't use this patch for security, like (whomever I replied to)
> suggested.

That was me :) and that's its main purpose. It should also make your
kernel very slightly smaller, but mostly in __initfunc stuff (the 2.0
version is derived from the "old init" patch on Paul Gortmaker's Memory
Savers page at http://rsphy1.anu.edu.au/~gpg109/init.patch).

> > With the stock kernel, the feature is enabled whether the user
> > wants it (or knows it exists) or not. Calling this "insecurity through
> > obscurity" would not be a great exaggeration.
> Not really. Disabling the init= option doesn't make the system much more
> secure.

The init= option is not completely disabled. You can still use it to pass
parameters to init (init=single for example). Using "init=/bin/sh"
however will not get you a root shell, if you choose to say "no" to the
option. Because of your remarks, I've revised the patch to make this more
clear, and I've mentioned the hazards of bootable removable media. The
current patch is at:

http://jpj.net/~trevor/linux/execute_command-v3-2.1.84.diff

Thanks also to Michael Chastain for suggesting a default of Y for this,
and to Jon Lewis for pointing out LILO's password feature. I've used
their suggestions in the current version.

> You could, for example, put in a floppy with a root, and set root=.

I suggest CONFIG_BLK_DEV_FD=m for such a setup. Yes, someone could spray
saltwater into your floppy drive, or use other boot commands to cause
havoc. This patch doesn't try to change that; it is just meant to make a
small part of the kernel configurable rather than mandatory.

> Or you could put in a boot-floppy (on most systems).

I addressed that in my first reply to you.
___
Trevor Johnson