Subject: Re: Solved: init(8) fails to raise securelevel
To: Dr. Lex Wennmacher <wennmach@geo.Uni-Koeln.DE>
From: Greg A. Woods <woods@most.weird.com>
List: tech-security
Date: 01/15/1999 11:32:18
[ On Fri, January 15, 1999 at 13:47:07 (+0100), Dr. Lex Wennmacher wrote: ]
> Subject: Solved: init(8) fails to raise securelevel
>
> Solved (pilot error):
> 
> As last command in /etc/rc.local I started xdm:
> 
> if [ -f /usr/X11R6/bin/xdm ]; then
>         echo -n ' xdm'
>         /usr/X11R6/bin/xdm -nodaemon
> fi
> 
> The `-nodaemon' option and a missing `&' causes xdm to not fork off into the
> background. Thus rc.local and rc never return. init never finishes runcom() and
> never runs multi_user(). Thus, the securelevel is never raised.

This begs the question as to why you were using 'xdm -nodaemon' when
clearly you were running it as a daemon....  ;-)

> This might happen to others as well and is probably not noted always.
> 
> Followup to tech-security: I think that init should syslog() a warning if
> /etc/rc does not return after an appropriate time.

For future reference:  If login prompts never appear on regular
terminals, the true console, etc. then something's wrong with rc or
init.

I realize that it's sometimes difficult to see if a login prompt appears
on a machine without virtual consoles, such as a sparc or i386 with the
plain "pc" console.  However if you do have xdm running (or inetd and
local network access) then you can login and see if any getty processes
are running or not.

The problem with a timeout in init is that it would have to be rather
long -- longer than I'd expect anyone's patience to be (unless of course
you only expected to use xdm on the machine and were happily using it
when suddenly and hour or so latter the syslog message popped up in your
xconsole window.  In any case I think the extra code it would take to do
this isn't really necessary given the multitude of other ways of
discovering the problem.

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>