initscripts: Restore locked root account access by using sulogin --force

Andreas Henriksson andreas at fatal.se
Thu Nov 15 08:55:13 GMT 2018


Hello Benda Xu,

I'll comment in more detail below, but in general I have to start out by
saying I think you've misunderstood this gravely. You should probably
try to clear your mind and start over on trying to understand this.

I'd also like to take the opportunity to fwiw object to the changing of
mailing list used in the Maintainer field. I happen to know from
experience that the alioth sysvinit-maintainers has people who have deep
sysvinit knowledge subscribed. By moving away from that list you'll
likely lose those people from potentially reading and occasionally
commenting on what's going on. Simply retracting into some corner of the
internet won't be doing the sysvinit package *in* *debian* a service.
You have everything to win by keeping clueful people in the loop.
Please feel free to use your other mailing list for discussion with your
peers, but keep the alioth list for official debian business.

On Thu, Nov 15, 2018 at 12:13:26PM +0800, Benda Xu wrote:
> Hi Andreas,
> 
> Dmitry Bogatov <KAction at debian.org> writes:
> 
> > [2016-05-07 11:12] Andreas Henriksson <andreas at fatal.se>
> >> [...]
> >> The initscripts package (src:sysvinit) needs equivalent changes to
> >> restore the old status quo (and thus ignoring potential kiosk mode usecase
> >> problems -- kiosk mode users should alter their init scripts and remove
> >> the --force flag to be secure).
> >
> > Sounds convincing to me. So I prepared commit wip/bug-823660.  Dear
> > co-maintainers, any objections?
> 
> 
> @Andreas, what do you mean by "kiosk mode"?  Could you please define it
> precisely?

I think others will explain it better than I can, so I'll just refer
to first and second hit I get on google for kiosk mode:

https://www.kioware.com/resources.aspx?resid=45

https://en.wikipedia.org/wiki/Kiosk_software

> 
> I don't think sysvinit should blindly follow behaviors of systemd.

This has absolutely nothing to do with systemd. This is about sulogin
move from (debian patched version of) sysvinit sulogin to debian using
sulogin from util-linux. 

> Entering the system as root without password prompt is a severe security
> hole.

A "severe security hole" that's been present in sysvinit sulogin for
decades (in debian at least, IIRC upstream is not to blame for it).
It was "closed" by moving to util-linux sulogin, but that also left
those who have a locked root account (using sudo) being unable to login
via sulogin.

This bug report is limited in scope to just restoring the old status quo
by adding a flag when sysvinit invokes sulogin to get behaviour similar
to the old sysvinit sulogin version. (You're welcome that I helped out
with shepherding the needed util-linux changes upstream for your
convenience.)

Implementing flexibility in sysvinit to be able to accommodate for both
use-cases is left as an exercise to the reader. I'm not interested
in sysvinit feature development myself. I'm only interested in trying
to avoid it deteriorating too much.

[... rest of message snipped as it seems to go further into
misunderstanding land ...]

Regards,
Andreas Henriksson
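The flexibility the message above leaves as an exercise to the reader, sketched as an added example in POSIX shell (this is not code from the initscripts package, from util-linux, or from anyone on this thread): at the point where an rc script drops to sulogin, decide whether to pass --force by checking whether root's entry in the shadow file is locked, with an explicit override so a kiosk-style deployment never gets a passwordless root shell. It assumes only the sulogin semantics described in the message (a locked root account gets a rescue shell with --force but not without it); the function names, the SULOGIN_FORCE variable and the sample shadow lines are invented for illustration.

```shell
#!/bin/sh
# Added example, not part of initscripts or util-linux. Picks the extra
# argument for sulogin based on whether root is locked, with a kiosk override.

# root_is_locked SHADOWFILE
# Returns 0 when root's password field in SHADOWFILE begins with '!' or '*'
# (the conventional locked markers), 1 otherwise. An unreadable or missing
# file also returns 1 so that the secure default (no --force) wins when we
# cannot tell; a sudo-only system whose /etc is damaged will then still need
# an admin with physical access, which is the point of the kiosk concern.
root_is_locked() {
    shadow=$1
    [ -r "$shadow" ] || return 1
    field=$(awk -F: '$1 == "root" { print $2; exit }' "$shadow")
    case "$field" in
        '!'*|'*'*) return 0 ;;
        *) return 1 ;;
    esac
}

# sulogin_args SHADOWFILE ALLOW_FORCE
# Prints "--force" only when root is locked AND the administrator has allowed
# it (ALLOW_FORCE=yes). A kiosk that sets SULOGIN_FORCE=no therefore keeps the
# util-linux behaviour (no shell without a root password); a sudo-only box
# with a locked root keeps the old Debian sysvinit behaviour (shell anyway).
sulogin_args() {
    shadow=$1
    allow=$2
    if [ "$allow" = yes ] && root_is_locked "$shadow"; then
        printf '%s' --force
    fi
}

# Typical use at the single-user / emergency step of an rc script (the real
# initscripts invocation is deliberately not reproduced here):
#   exec sulogin $(sulogin_args /etc/shadow "${SULOGIN_FORCE:-yes}")

# Stand-alone demo on constructed shadow lines (hash is a placeholder).
demo() {
    d=$(mktemp -d)
    printf 'root:!:18000:0:99999:7:::\n'             > "$d/locked"
    printf 'root:$6$salt$placeholder:18000:0:99999:7:::\n' > "$d/set"
    for f in locked set; do
        for allow in yes no; do
            printf '%-6s allow=%-3s -> sulogin %s\n' "$f" "$allow" \
                "$(sulogin_args "$d/$f" "$allow")"
        done
    done
    rm -rf "$d"
}
demo
```

Whether --force is the right default is exactly the policy question the message declines to settle; the override variable just makes the choice explicit per machine instead of hard-coding one use case into the script.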
