[Mageia-dev] Handling single user/rescue/failsafe mode

Wolfgang Bornath molch.b at googlemail.com
Thu Apr 26 14:22:31 CEST 2012


2012/4/26 Colin Guthrie <mageia at colin.guthr.ie>:
> 'Twas brillig, and Wolfgang Bornath at 26/04/12 12:05 did gyre and gimble:
>> 2012/4/26 Guillaume Rousse <guillomovitch at gmail.com>:
>>> On 26/04/2012 12:12, Thierry Vignaud wrote:
>>>
>>>> On 26 April 2012 11:38, Colin Guthrie<mageia at colin.guthr.ie>  wrote:
>>>>>
>>>>> It seems that in mga1 single user mode just gave a shell without
>>>>> requiring root password.
>>>>>
>>>>> I'm not sure when this was added, but in the initscripts changelog, I
>>>>> see it has come from the big mdvconf patch[1].
>>>>>
>>>>> Can anyone remember the reason for this (perhaps it was related to tcb
>>>>> support?) and whether or not we should do the same thing in systemd
>>>>> which currently (now that I've fixed it) uses whatever SINGLE says in
>>>>> /etc/sysconfig/init.
>>>>
>>>>
>>>> This has been like this forever...
>>>> At least for the past decade.
>>>> I think other distros do/did it too.
>>>
>>> Some of them force the use of a password for single mode. Given the ease of
>>> bypassing it through init=/bin/sh, unless the bootloader is also protected,
>>> I'm a bit sceptical about the interest.
>>
>> For ages (Mandrakelinux/Mandriva) it has been
>>
>> SINGLE=/sbin/sushell
>
> Yes, but inittab itself just referenced /bin/sh (thus not caring what
> SINGLE variable was set to).
>
>> as default. IMHO this default setting is a security issue. Someone
>> with access to your machine (in an office or wherever) can simply
>> turn it on (or first turn it off with the power button), select
>> failsafe from the boot menu and has all the privileges he wants
>> without any hurdles to jump. So I've been advocating to change this
>> entry in /etc/sysconfig/init.
>>
>> I've been also recommending users to change the matching line in
>> /etc/inittab accordingly:
>>
>> #Single user mode
>> ~~:S:wait:/sbin/sulogin
>>
>> which does the same. Unfortunately Mandrake/Mandriva developers did
>> not share my view.
>
> As Guillaume pointed out, if they have physical access, you can also
> just pass init=/bin/sh to the kernel prompt, so I see little real
> security benefit here (it maybe raises the bar slightly, but insecure is
> insecure).

I heard that argument before, so I'm used to it.
With the default setting nobody needs to be a wizard to switch on the
computer and select the failsafe mode. With that little bar you have
to know how to get to the kernel prompt (I guess you mean the kernel
line in the boot menu) and how to change it. So the small bar
prevents mischievous kids from doing anything to dad's computer and office
colleagues from playing bad with you.

What is the advantage to leave the barn door open? To make it easier
on those who can not remember their root password? Having to find out
how to overcome that small bar will not hurt them but teach them a
lesson.

-- 
wobo
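
An added example, not part of the original message or of any Mageia tool: a shell check that reads the two settings named in this thread, SINGLE in /etc/sysconfig/init and the `~~:S:wait:` entry in /etc/inittab, and flags any that start a shell other than sulogin. The ROOT path argument and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: audit the two single-user settings named in the thread.
# The ROOT argument is an assumption of this sketch, so the check can run
# against a mounted image or a constructed test tree.

# Effective SINGLE= value from ROOT/etc/sysconfig/init (last assignment wins).
single_value() {
    f="$1/etc/sysconfig/init"
    [ -r "$f" ] || return 0
    sed -n 's/^[[:space:]]*SINGLE=//p' "$f" | tail -n 1 | tr -d "\"'"
}

# Command of the sysvinit single-user entry, "~~:S:wait:<command>".
inittab_single() {
    f="$1/etc/inittab"
    [ -r "$f" ] || return 0
    sed -n 's/^~~:S:wait:[[:space:]]*//p' "$f" | tail -n 1
}

# True when the program is sulogin, which asks for the root password.
asks_password() {
    case "${1%% *}" in
        sulogin|*/sulogin) return 0 ;;
        *) return 1 ;;
    esac
}

# Report one setting and count it when it hands out a shell unauthenticated.
check() {
    if [ -z "$2" ]; then
        echo "INFO  $1: not set"
    elif asks_password "$2"; then
        echo "OK    $1: $2"
    else
        echo "WARN  $1: $2 (root shell without password)"
        findings=$((findings + 1))
    fi
}

# Exit status is the number of WARN findings (0 = both paths ask for it).
audit_single_user() {
    findings=0
    check "SINGLE in /etc/sysconfig/init" "$(single_value "$1")"
    check "single-user entry in /etc/inittab" "$(inittab_single "$1")"
    return "$findings"
}

# Run only when a root path is given, e.g.: sh audit.sh /mnt/image
if [ "$#" -gt 0 ]; then audit_single_user "$1"; fi
```

A clean result covers only these two entries; as the thread notes, init=/bin/sh at an unprotected bootloader bypasses both.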

