Your message dated Fri, 18 Aug 2006 08:17:16 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#378455: fixed in initramfs-tools 0.75
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: initramfs-tools
Severity: wishlist
Tags: patch
Here is a patch that adds a new configuration variable "PANIC_SHELL"
that, when set to no (not the default), disables the fallback to a
shell on panic. (Instead it makes init exit, and thus generates a
kernel panic.)
This is meant to be one link in a chain to secure a system as much as
convenient:
- Configure the BIOS to boot only from the hard drive
- Configure the boot loader not to let the user change boot
parameters
- This step: The boot process does not give a root shell to the
user, ever.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-amd64-k8-smp
Locale: LANG=fr_LU.UTF-8, LC_CTYPE=fr_LU.UTF-8 (charmap=UTF-8)
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/conf/initramfs.conf
/tmp/dG2YS5smkE/initramfs-tools-0.69b.0/conf/initramfs.conf
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/conf/initramfs.conf 2006-07-07
10:15:42.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/conf/initramfs.conf 2006-07-16
14:30:43.000000000 +0200
@@ -45,3 +45,10 @@
NFSROOT=auto
+#
+# PANIC_SHELL: [ yes | no ]
+# Should init give the user a shell on panic?
+#
+
+PANIC_SHELL=yes
+
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/debian/changelog
/tmp/dG2YS5smkE/initramfs-tools-0.69b.0/debian/changelog
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/debian/changelog 2006-07-14
00:31:39.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/debian/changelog 2006-07-16
14:36:14.000000000 +0200
@@ -1,3 +1,9 @@
+initramfs-tools (0.69b.0) unstable; urgency=low
+
+ * Created an option to disable shell invocation on panic.
+
+ -- Lionel Elie Mamane <[EMAIL PROTECTED]> Sun, 16 Jul 2006 14:32:51 +0200
+
initramfs-tools (0.69b) unstable; urgency=high
* debian/initramfs-tools.preinst: Don't depend upon shipped directories
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/scripts/functions
/tmp/dG2YS5smkE/initramfs-tools-0.69b.0/scripts/functions
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/scripts/functions 2006-07-02
19:05:12.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/scripts/functions 2006-07-16
14:27:33.000000000 +0200
@@ -59,10 +59,15 @@
if [ -x /sbin/usplash_write ]; then
/sbin/usplash_write "QUIT"
fi
- modprobe -q i8042
- modprobe -q atkbd
- echo $@
- PS1='(initramfs) ' /bin/sh </dev/console >/dev/console 2>&1
+ if [ "${PANIC_SHELL}" != no ]; then
+ modprobe -q i8042
+ modprobe -q atkbd
+ echo $@
+ PS1='(initramfs) ' /bin/sh </dev/console >/dev/console 2>&1
+ else
+ echo $@
+ exit 0
+ fi
}
maybe_break()
--- End Message ---
--- Begin Message ---
Source: initramfs-tools
Source-Version: 0.75
We believe that the bug you reported is fixed in the latest version of
initramfs-tools, which is due to be installed in the Debian FTP archive:
initramfs-tools_0.75.dsc
to pool/main/i/initramfs-tools/initramfs-tools_0.75.dsc
initramfs-tools_0.75.tar.gz
to pool/main/i/initramfs-tools/initramfs-tools_0.75.tar.gz
initramfs-tools_0.75_all.deb
to pool/main/i/initramfs-tools/initramfs-tools_0.75_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
maximilian attems <[EMAIL PROTECTED]> (supplier of updated initramfs-tools
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 18 Aug 2006 15:35:09 +0200
Source: initramfs-tools
Binary: initramfs-tools
Architecture: source all
Version: 0.75
Distribution: unstable
Urgency: high
Maintainer: Debian kernel team <debian-kernel@lists.debian.org>
Changed-By: maximilian attems <[EMAIL PROTECTED]>
Description:
initramfs-tools - tools for generating an initramfs
Closes: 378455 383486
Changes:
initramfs-tools (0.75) unstable; urgency=high
.
* hook-functions: Add megaraid_sas to the scsi list. Thanks Kenshi Muto
<[EMAIL PROTECTED]>.
.
* init: Parse for "panic=<timeout>" bootarg.
.
* hook-functions: Immediately call reboot in the panic function if panic=0
to disallow any console access for secured boxes. (closes: 378455)
.
* debian/TODO: Update to current state
.
* update-initramfs: do_bootloader can be set mixed case or upper case.
Catch the obvious Yes and YES too.
.
* hook-functions: Really include DAC960 driver. Thanks Tim Small
<[EMAIL PROTECTED]>. (closes: 383486) 2 module fixes thus urgency high.
Files:
adc42bb5b99b665afe6b597439021704 623 utils optional initramfs-tools_0.75.dsc
35c44a9a044772776d3bfbc52d41bbc0 46829 utils optional
initramfs-tools_0.75.tar.gz
3eafb6fe70da6030f5d048015645a5b8 52158 utils optional
initramfs-tools_0.75_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFE5dab6n7So0GVSSARAtphAJ9ONv0sdg5mSWWSS8fqAs+omargkwCfbE+u
X2+9EGmwwyrR5G2GOE169UI=
=d5t/
-----END PGP SIGNATURE-----
--- End Message ---
