From: Pieter Van den Abeele
Date: Sat, 17 Jan 2004 18:34:27 +0100
To: gentoo-releng@lists.gentoo.org
Cc: base-system@gentoo.org, "Brad House"
Subject: Re: [gentoo-releng] Re: baselayout changes for livecds

I don't care so much about this security issue because assuming that you are using a function in a scope shared by the rc scripts and haven't hard coded the way to read such arguments in every rc-script,
it would be trivial to add some security measures later on. However, from an alternative platform/architecture point of view I have to note that at least a kernel dependent strategy might be needed here. I wonder whether kernels such as for instance the hurd pass arguments the same way as a linux kernel and whether newer linux kernel releases might not change this process, thus requiring different rc scripts for each kernel while only a different runtime strategy is needed. Currently not an urgent issue, but we'll have to take this into account.

Pieter

On 17 Jan 2004, at 18:06, Brad House wrote:

> no, the rcscripts must now parse the kernel commandline opts
> to get a few options. There's really not many other ways to
> do it. Besides you just proved by your statement that someone
> could instead pass init=/bin/sh and override any sort of
> init process, so trying to make the 'cdroot' option secure
> is absurd, as there's 10 million other ways to get in if you
> have direct access to the computer.
>
> -Brad

--
gentoo-releng@gentoo.org mailing list
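
A sketch of the shared-function approach discussed in this thread, as an added example that is not part of the original messages and is not Gentoo baselayout code: one helper owns both how boot arguments are read (a per-kernel strategy) and which options rc scripts may act on. The names `read_boot_args`, `boot_opt`, `BOOT_KERNEL`, `BOOT_ARGS_FILE` and `BOOT_ALLOWED` are hypothetical; `/proc/cmdline` is where a Linux kernel exposes its command line.

```shell
# Hypothetical shared helper, sourced once by every rc script (added example).

# Strategy: how boot arguments are obtained on the running kernel.
# BOOT_KERNEL and BOOT_ARGS_FILE are assumed override hooks for testing.
read_boot_args() {
    case "${BOOT_KERNEL:-$(uname -s)}" in
        Linux) cat "${BOOT_ARGS_FILE:-/proc/cmdline}" 2>/dev/null ;;
        *)     return 1 ;;  # other kernels get their own strategy here
    esac
}

# Policy: the only boot options rc scripts are allowed to act on.
BOOT_ALLOWED="cdroot"

# boot_opt NAME
#   0 = option present (prints the value if given as NAME=value)
#   1 = option absent
#   2 = option not on the allowlist
#   3 = no way to read boot arguments on this kernel
# The body runs in a subshell so that 'set -f' stays local to this call.
boot_opt() (
    want=$1
    case " $BOOT_ALLOWED " in
        *" $want "*) ;;
        *) return 2 ;;
    esac
    args=$(read_boot_args) || return 3
    set -f  # no glob expansion while splitting untrusted boot arguments
    for word in $args; do
        case "$word" in
            "$want")   return 0 ;;
            "$want"=*) printf '%s\n' "${word#*=}"; return 0 ;;
        esac
    done
    return 1
)
```

An rc script would then call `boot_opt cdroot` instead of reading the command line itself, so a later change to the policy or to the per-kernel strategy touches one file.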