[Pkg-sysvinit-devel] Bug#345741: Would a restricted form of the INIT_PROG feature suffice?
Thomas Hood
jdthood at yahoo.co.uk
Thu Jan 12 09:34:48 UTC 2006
I have an idea. Instead of allowing an arbitrary program path to be set, we allow
a _suffix_ to be set. "telinit -e INIT_SFX=foo ; telinit u" would cause init to exec
"/sbin/init.foo". Now, /sbin/init.foo can be a symlink to an executable on another
filesystem, so this should provide the same capability as INIT_PROG; but because it
is done via a symlink on the same filesystem as /sbin/init, the administrator has
control over what init can exec. If /sbin is on a read-only filesystem and there
are no /sbin/init.* then the feature is effectively disabled.

I can see two possible pitfalls. First, if /sbin/init.alt is a symlink to /alt/init
and /sbin/init execs /sbin/init.alt, does this keep /sbin's filesystem busy? If so
then we can code init to use readlink(2) to get the target of /sbin/init.alt and
exec that target instead of /sbin/init.alt itself.

Second, if /sbin/init execs /alt/init (via /sbin/init.alt) and /sbin is unmounted
then /sbin/init.alt is no longer visible; so init will not be able to re-exec
itself a second time. Would this be a problem?
--
Thomas Hood
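
An added sketch of the suffix scheme proposed above, not part of the original message and not sysvinit code: the suffix is checked so it can only name a file matching /sbin/init.*, and the symlink target is read with readlink(2) as suggested for the first pitfall. The function names, the 32-byte limit, the allowed character set and the rejection of relative targets are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define INIT_PREFIX "/sbin/init."   /* fixed directory and base name from the proposal */

/* Build "/sbin/init.<sfx>" (hypothetical helper). Returns 0, or -1 if the
 * suffix is empty, too long, or has any byte outside [A-Za-z0-9_-]; excluding
 * '/' and '.' keeps the result inside the admin-controlled /sbin/init.* set. */
int init_sfx_path(const char *sfx, char *out, size_t outlen)
{
    size_t n = sfx ? strlen(sfx) : 0;
    if (n == 0 || n > 32)               /* assumed length limit */
        return -1;
    for (size_t i = 0; i < n; i++) {
        char c = sfx[i];
        if (!((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
              (c >= '0' && c <= '9') || c == '_' || c == '-'))
            return -1;
    }
    if ((size_t)snprintf(out, outlen, "%s%s", INIT_PREFIX, sfx) >= outlen)
        return -1;                      /* would not fit in the buffer */
    return 0;
}

/* Pick the path to exec (hypothetical helper). If path is a symlink, return
 * its target so the exec does not go through /sbin; if it is not a symlink,
 * return path unchanged. Relative targets are rejected because exec would
 * resolve them against init's working directory, not against /sbin. */
int init_exec_target(const char *path, char *out, size_t outlen)
{
    if (outlen < 2)
        return -1;
    ssize_t len = readlink(path, out, outlen - 1);
    if (len < 0) {
        if (errno != EINVAL || strlen(path) >= outlen)
            return -1;                  /* missing file, I/O error, or too long */
        strcpy(out, path);              /* EINVAL: exists but is not a symlink */
        return 0;
    }
    if (len == 0 || (size_t)len >= outlen - 1)
        return -1;                      /* empty or possibly truncated target */
    out[len] = '\0';
    return out[0] == '/' ? 0 : -1;
}
```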