[SECURITY] Simpleinit root exploit

Steve Prior sprior at geekster.com
Sun May 26 14:50:57 PDT 2002


While it may be convenient and I am more server than workstation biased
in my Unix use, I have a strong preference for booting to a text console
and starting up X when/if needed.  The main reason is that X depends on
networking code being operational and if it isn't you at the very best
have to wait out timeouts to get to a login prompt.  I used to manage
a bunch of Unix machines which were set up and moved from place to
place a lot and if the machine was set up to boot to X, then if it was
booted outside of the network environment it was used to, it was a pain.

Steve

Gerard Beekmans wrote:
> On Sun, May 26, 2002 at 10:24:34PM +0200, Matthias Benkmann wrote:
> 
>>No, maybe this was badly phrased but I meant the term "program" to include
>>boot scripts. Whatever code is executed as bootprog or by code run as
>>bootprog is vulnerable, regardless of whether it's an ELF binary, a Perl
>>script, a shell script or whatever. So the workaround is to be read as
>>"Do not start *anything* that interacts with untrusted users directly or
>>indirectly as bootprog/finalprog/ctrlaltdel". 
> 
> 
> So far for convenience of booting into graphical user interface at boottime.
> Oh well :)
> 

