Subject: switch to fully dynamic and security
To: None <email@example.com>
From: Emmanuel Dreyfus <firstname.lastname@example.org>
Date: 10/20/2002 09:40:30
It seems to me that we lowered the security of the system when switching
to fully dynamic:
If we consider the case of someone having access to the console but not
to the floppy/cdrom/whatever (I have such machines in a computer room,
locked in a desk), previously, if you disabled ddb from the keyboard and
if you set the console as insecure in /etc/ttys, it was not possible to
get root by rebooting the machine and doing boot -s: init asked for the
Now, it is possible to tell init path to the kernel at boot time using
-a. I have not tried it yet, but it probably means that someone can
reboot the machine and request the kernel to lookup init here: /bin/sh,
thus bypassing any insecure console setting.
We lowered a bit our security, here, didn't we?
deja pas mal d'autres conneries comme ca.