Package: initramfs-tools
Version: 0.109.1
Severity: critical
Tags: patch
Hi,
I've set panic=0 as a kernel cmdline argument which should trigger a
reboot instead of spawning a shell. However, the reboot seems to be
uneffective and a shell is spawned nevertheless. This is unpleasing
since spawn=0 is "marketed" as a security feature in
initramfs-tools(8):
panic sets an timeout on panic. panic= is a documented
security feature: it disables the debug shell.
Output on screen:
Loading, please wait ...
Spawning shell within the initramfs
Rebooting automatically due to panic= boot argument
BusyBox v1.20.2 (Debian 1:1.20.0-7) built-in shell (ash)
Enter 'help' for a list of built-in commands.
/bin/sh: can't access tty; job control turned off
(initramfs) _
The commands halt, reboot, etc. don't work either.
To fix the security impact of an open shell I propose to at least add a
return after the reboot command so that if the reboot is effectively a
NOP still no shell is spawned.
diff --git a/scripts/functions b/scripts/functions
index 5352f1d..de64494 100644
--- a/scripts/functions
+++ b/scripts/functions
@@ -43,6 +43,7 @@ panic()
echo "Rebooting automatically due to panic= boot argument"
sleep ${panic}
reboot
+ return
fi
modprobe -v i8042 || true
modprobe -v atkbd || true
Regards,
Lukas
--
To UNSUBSCRIBE, email to debian-kernel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive:
https://lists.debian.org/cacb1aesuy7boyp9q4z1taovla3udqb-h3vhwyruolgrq2w4...@mail.gmail.com