From: Jeremy Katz <katzj-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
To: Harald Hoyer <harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Cc: initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [PATCH 10/10] add "rdshell" command line argument
Date: Sun, 5 Jul 2009 21:53:14 -0400 [thread overview]
Message-ID: <20090706015313.GA70037@redhat.com> (raw)
In-Reply-To: <1246639520-3094-11-git-send-email-harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
On Friday, July 03 2009, Harald Hoyer said:
> Only drop to an interactive shell if "rdshell" is specified on the
> command line. This prevents malicious users from gaining easy shell
> access to the host system (grub might be secured with a password).
I don't have a strong opinion about doing this vs not, but how could
they end up getting easy shell access? If grub is secured with a
password, they can't change kernel arguments. If they can change kernel
arguments, they can just add rdshell rather than change the root=
specifier.
Jeremy
--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2009-07-06 1:53 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-03 16:45 [PATCH 00/10] *** SUBJECT HERE *** Harald Hoyer
[not found] ` <1246639520-3094-1-git-send-email-harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-07-03 16:45 ` [PATCH 01/10] add binutiles requirement to specfile (because of nm) Harald Hoyer
2009-07-03 16:45 ` [PATCH 02/10] output everything to /dev/kmesg and add dmesg for the emergency_shell Harald Hoyer
[not found] ` <1246639520-3094-3-git-send-email-harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-07-03 18:11 ` David Dillow
[not found] ` <1246644686.13823.5.camel-1q1vX8mYZiGLUyTwlgNVppKKF0rrzTr+@public.gmane.org>
2009-07-03 18:14 ` Harald Hoyer
2009-07-03 16:45 ` [PATCH 03/10] Defer mount to the real mount loop Harald Hoyer
[not found] ` <1246639520-3094-4-git-send-email-harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-07-04 12:29 ` Seewer Philippe
[not found] ` <4A4F4B41.2060205-omB+W0Dpw2o@public.gmane.org>
2009-07-13 10:21 ` Harald Hoyer
2009-07-03 16:45 ` [PATCH 04/10] remove 50plymouth-pre0.7 module Harald Hoyer
2009-07-03 16:45 ` [PATCH 05/10] add firmware packages to be required by the dracut-generic package Harald Hoyer
2009-07-03 16:45 ` [PATCH 06/10] add rm to be installed for initqueue Harald Hoyer
2009-07-03 16:45 ` [PATCH 07/10] fail iscsiroot, if iscsistart fails Harald Hoyer
2009-07-03 16:45 ` [PATCH 08/10] put back the nfs mount in the udev event Harald Hoyer
[not found] ` <1246639520-3094-9-git-send-email-harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-07-06 8:39 ` Seewer Philippe
2009-07-03 16:45 ` [PATCH 09/10] initqueue now loops until /dev/root exists or root is mounted Harald Hoyer
[not found] ` <1246639520-3094-10-git-send-email-harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-07-06 8:54 ` Seewer Philippe
[not found] ` <4A51BBE0.6030603-omB+W0Dpw2o@public.gmane.org>
2009-07-13 9:53 ` Harald Hoyer
2009-07-03 16:45 ` [PATCH 10/10] add "rdshell" command line argument Harald Hoyer
[not found] ` <1246639520-3094-11-git-send-email-harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-07-06 1:53 ` Jeremy Katz [this message]
[not found] ` <20090706015313.GA70037-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
2009-07-13 10:29 ` Harald Hoyer
2009-07-13 10:30 ` Harald Hoyer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090706015313.GA70037@redhat.com \
--to=katzj-h+wxahxf7alqt0dzr+alfa@public.gmane.org \
--cc=harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org \
--cc=initramfs-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.