Re: Insecurity in linux boot

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: David Feuer: "Re: US relaxes crypto restrictions?"
• Previous message: Jacob Hawley: "Re: question about sblive and linux"
• Maybe in reply to: christophe.leroy5@capway.com: "Insecurity in linux boot"

> At the end of boot, Linux kernel tries to fork init.
> If it fails, /bin/sh is forked.
> It means that If someone can alter init (with a tmp race for
> example), then reboot, it will have all access to the system.

> I think that /bin/sh should only be forked when asked at boot time
> with init= parameter (its use beeing protected by lilo password)

> christophe

If the machine has that sensitive data then it should be locked up anyway.
If the person can get around to rebooting the machine with the three
fingered salute then he could just as easily open the case and steal the
hard drive. Running /bin/sh is a good last resort measure. And a
passworded lilo does nothing if the machine is booted from a kernel on a
floppy.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

• Next message: David Feuer: "Re: US relaxes crypto restrictions?"
• Previous message: Jacob Hawley: "Re: question about sblive and linux"
• Maybe in reply to: christophe.leroy5@capway.com: "Insecurity in linux boot"