Subject: Re: asking for the path to init.
To: None <tech-kern@netbsd.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: tech-kern
Date: 09/20/1999 10:49:54
> If there is to be a condition placed on the presence of the ability
> to specify a different init other than /sbin/init because of security
> requirements then that same condition should also be enforced on the
> other questions which can also lead to a security breach (i.e. where
> is the root filesystem).
Yes, though to the list of questions I'd add the boot device and the
kernel name.
> At present, [INSECURE] would seem to control the default value of
> securelevel and whether or not the kernel will execute world writable
> files (lib/libsa/exec.c).
Um, libsa isn't part of the kernel AFAIK; that restriction applies to
the booter. (I read it as, if you build the bootblocks without
INSECURE, they won't load a kernel whose world write bit is on.)
der Mouse
mouse@rodents.montreal.qc.ca
7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B