Subject: Re: RFC: migration to a fully dynamically linked system
To: None <firstname.lastname@example.org>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 12/26/2001 23:09:59
>> [...] code so that if the exec of init fails, or if an option
>> (RB_INITPATH) is provided by the MD boot code, it prompts for a
>> pathname for init.
> Hm... doesn't Linux provide some similar functionality, resulting in
> instant root access (for the knowledgable) in Linux-equipped student
> workstation pools? Of course, it's hard (nearly impossible) to secure
> a machine with semi-public physical access...
I don't know what Linux does or doesn't do in this respect. But yes,
if there is user-writable space on the root filesystem, and the user
can either cause the main init to go unexecable or provide boot
options, it does mean trivial root.
I would hope that semipublic machines would not be set up with
user-writable space on root and would require a firmware password to
boot with options. Nothing the OS does can protect against boneheaded
/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML email@example.com
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B