[Mageia-dev] bug, omission or feature
Colin Guthrie
mageia at colin.guthr.ie
Sun Jun 3 17:52:47 CEST 2012
'Twas brillig, and Richard Couture at 03/06/12 12:27 did gyre and gimble:
> I notice that when, at the end of the installation of MGA2, I select the
> level of security as HIGH, that I am permitted entry into the system in
> Linux Single mode without a challenge password, which is a new, and IMHO
> undesirable, behavior from previous versions.
>
> Is this a new feature, or have I stumbled upon a bug?
>
> The /etc/inittab does have ~~:S:wait:/sbin/sulogin in it but I can get
> in without a password... Must be something new in system D
/etc/inittab is no longer used or read.
For single user mode now-a-days we boot to rescue.target (this is done
automatically if you just put a 1 at the end of the kernel command line
to support "runlevel 1").
Ultimately this pulls in rescue.service
This file should source the contents of /etc/sysconfig/init and then
execute:
/bin/bash -c "exec ${SINGLE}"
So please check /etc/sysconfig/init and make sure SINGLE is set to
/sbin/sulogin rather than /sbin/sushell.
However you will see from previous threads that I'm not convinced
sulogin is actually working all that well just now and it some
pre-release testing it didn't run properly for me.
On the whole, this kind of "security" is basically bullshit anyway. It
might make things a tiny bit harder, but if you can get into the
bootloader to append a 1 on the command line, you can also append
init=/bin/bash too which totally bypasses everything too. So while it's
maybe a nice idea, for all practical purposes, it's not any kind of real
security anyway, so don't rely on it!
Col
--
Colin Guthrie
colin(at)mageia.org
http://colin.guthr.ie/
Day Job:
Tribalogic Limited http://www.tribalogic.net/
Open Source:
Mageia Contributor http://www.mageia.org/
PulseAudio Hacker http://www.pulseaudio.org/
Trac Hacker http://trac.edgewall.org/
More information about the Mageia-dev
mailing list