[Pkg-sysvinit-devel] Bug#406587: init and telinit can reveal root pass on return from runlevel 1

Sat Jan 13 02:36:56 CET 2007

Hi,

Samuel Thibault, le Fri 12 Jan 2007 10:44:04 +0100, a écrit :
> Grant Thomas, le Thu 11 Jan 2007 21:17:40 -0600, a écrit :
> > I have the same problem as Lewis Stoddart above, with a small difference.
> > 
> > My machine gives the bash error when the username is supplied.
> > I do not receive the password in cleartext.
> > 
> > The problem does not appear when the maintenance mode is skipped with 
> > <crtl>+D.
> 
> What seems to happen is that init doesn't kill the maintenance shell: I
> can see it running on tty1, concurrently with getty, thus things are
> mixed: characters sometimes to go the maintenance shell, sometimes to
> getty.

Oops, init uses groups for sending TERM/KILL signals, so it does here
hurt to always set a session in sulogin. Here is a much safer version of
66_init_emerg_tty.dpatch

Samuel
-------------- next part --------------
#! /bin/sh /usr/share/dpatch/dpatch-run
## 66_init_ermg_tty.dpatch by Samuel Thibault
##
## All lines beginning with `## DP:' are a description of the patch.
## DP: Fix emergency mode's tty, making sure ^C and ^Z work when
## DP: booting with 'emergency' kernel option.  Closes bug #374543.

@DPATCH@
Index: sysvinit/src/init.c
===================================================================

--- sysvinit/src/init.c	(revisjon 808)
+++ sysvinit/src/init.c	(arbeidskopi)
@@ -89,7 +89,7 @@
 CHILD *newFamily = NULL;	/* The list after inittab re-read */
 
 CHILD ch_emerg = {		/* Emergency shell */
-	0, 0, 0, 0, 0,
+	WAITING, 0, 0, 0, 0,
 	"~~",
 	"S",
 	3,
Index: sysvinit/src/sulogin.c
--- sysvinit/src/sulogin.c	(revisjon 808)
+++ sysvinit/src/sulogin.c	(arbeidskopi)
@@ -23,6 +23,7 @@
 #include <pwd.h>
 #include <shadow.h>
 #include <termios.h>
+#include <errno.h>
 #include <sys/ioctl.h>
 #if defined(__GLIBC__)
 #  include <crypt.h>
@@ -427,7 +428,12 @@
 			} else
 				close(fd);
 		}
-	}
+	} else if (getpid() == 1) {
+		/* We are init. We hence need to set a session anyway */
+		setsid();
+		if (ioctl(0, TIOCSCTTY, (char *)1))
+			perror("ioctl(TIOCSCTTY)");
+	}
 
 	/*
 	 *	Get the root password.
