initscripts: Restore locked root account access by using sulogin --force
Benda Xu
heroxbd at gentoo.org
Thu Nov 15 04:13:26 GMT 2018
Hi Andreas,
Dmitry Bogatov <KAction at debian.org> writes:
> [2016-05-07 11:12] Andreas Henriksson <andreas at fatal.se>
>> [...]
>> The initscripts package (src:sysvinit) needs equivalent changes to
>> restore the old status quo (and thus ignoring potential kiosk mode use case
>> problems -- kiosk mode users should alter their init scripts and remove
>> the --force flag to be secure).
>
> Sounds convincing to me. So I prepared commit wip/bug-823660. Dear
> co-maintainers, any objections?
@Andreas, what do you mean by "kiosk mode"? Could you please define it
precisely?
I don't think sysvinit should blindly follow the behavior of systemd.
Entering the system as root without a password prompt is a severe security
hole.
You may argue that if a cracker gets physical access to the machine, the
system is actually compromised. Well, a cracker, sometimes a thief,
usually has limited time to penetrate a computer physically, while a
system administrator has a virtually infinite amount of time. Therefore,
the ease of not entering the root password for the sysadmin does not shift the
risk that the system gets compromised quickly.
> Andreas Henriksson <andreas at fatal.se>
>
> The systemd package has been updated to pass the --force flag.
As sulogin(8) says,
> Only use the -e option if you are sure the console is physically
> protected against unauthorized access.
Systemd imposes a big security risk on all the ignorant users without
telling them they need to make sure their console is physically
protected against unauthorized access, which is a harmful move we should
not follow.
Yours,
Benda