[Pkg-sysvinit-devel] Bug#345741: Please add INIT_PROG env var to override re-exec'ing from /sbin/init

Thomas Hood jdthood at yahoo.co.uk
Tue Jan 3 11:32:48 UTC 2006


Petter Reinholdtsen wrote:
> This sounds like a security issue.  If the admin made / read-only, and
> someone is able to gain enough privileges to talk to init but not to
> remount the file system, they could re-exec init with a binary they
> provide instead of the binary the machine administrator intended to
> run.  Am I wrong?  If I am right, I believe we should not implement
> this feature.


I had the same thought.  At the very least the feature creates a new angle
of attack which needs to be thought about.  Whether the feature really could
create a vulnerability, I am not qualified to judge.

This is not to say that we definitely should not implement this.  But it does
mean that there should be strong arguments in favor of adding the feature.
Is "telinit u" with the new feature _needed_ to deal with these cases?  What
are the alternatives?
-- 
Thomas



