[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: ctrl-c during boot != good

On Fri, 2006-09-22 at 13:49 -0400, Bill Nottingham wrote:
> Dax Kelson (dax gurulabs com) said: 
> > SysVinit-2.86-12
> > ----------------
> > * Thu Sep 21 2006 Bill Nottingham <notting redhat com> - 2.86-12
> > - set controlling tty for /etc/rc so that ctrl-c can be passed to hung
> >   services (#184340)
> > 
> > I don't have the permission to read the bug, so I could be interpreting
> > this wrong.
> > 
> > You do *not* want users to be able to press ctrl-c during boot up.
> > Otherwise they can completely fsck the starting of daemons or commands
> > (like remounting / rw), possibly causing a serious security breach. This
> > is also a disaster for a kiosk where random malicious joe blows can
> > screwup and stop the boot.
> > 
> > I filed a bug circa 1997ish to fix the "can press control-c during
> > bootup" problem. Lets not go backwards.
> We have multiple requests from people who want to be able to press
> ctrl-c to stop hanging daemons. Note that you can *already* interrupt
> rc.sysinit.
> Bill

Bill, doesn't the facility already exist for those people? Namely
"interactive boot"?

Enabling this seems like a very bad tradeoff security wise. It is
friendly/easier to always login to the GUI as root but we don't because
that is bad security practice.

The interruptibility of rc.sysinit should be fixed.

You could at least make it configurable in /etc/sysconfig/init. 

Make PROMPT=yes allow/imply interruptibility but it PROMPT=no then the
bootup can't be interrupted (including rc.sysinit).

Dax Kelson
Guru Labs

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]