On 07/02/2009 04:18 PM, Seewer Philippe wrote:
Hans de Goede wrote:
3) chmod /proc/cmdline 400, so that it cannot be read by ordinary
users, plugging
the passwork leak problem
This does not really plug the leak. Just boot until initramfs is loaded,
pull the network plug and wait until dracut drops us to a (root-)shell.
Ah, which reminds me, that we should have an option to turn that off.
Now the remaining question is how to implement the adding of the needed
cmdline options to grub.conf.
Question: Is it really necessary to provide username/password to dracut?
Wouldn't it be better to ask the user? I mean if a mount is password
protected, be it cryptroot, nfs4 or whatever, shouldn't the user enter
the data?
username/password for iSCSI disks entered by a normal user every day he boots
his diskless client?
--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
