On 07/06/2009 03:53 AM, Jeremy Katz wrote:
On Friday, July 03 2009, Harald Hoyer said:
Only drop to an interactive shell if "rdshell" is specified on the
command line. This prevents malicious users from gaining easy shell
access to the host system (grub might be secured with a password).
I don't have a strong opinion about doing this vs not, but how could
they end up getting easy shell access? If grub is secured with a
password, they can't change kernel arguments. If they can change kernel
arguments, they can just add rdshell rather than change the root=
specifier.
Jeremy
If root is on a network device, they can just unplug the network cable and end
up with a shell, then they can replug the cable and do whatever they want in the
shell.
--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
