[SECURITY] Simpleinit root exploit
sprior at geekster.com
Sun May 26 14:50:57 PDT 2002
While it may be convenient and I am more server than workstation biased
in my Unix use, I have a string preference for booting to a text console
and starting up X when/if needed. The main reason is that X depends on
networking code being operational and if it isn't you at the very best
have to wait out timeouts to get to a login prompt. I used to manage
a bunch of Unix machines which were set up and moved from place to
place a lot and if the machine was set up to boot to X, then if it was
booted outside of the network environment it was used to it was a pain.
Gerard Beekmans wrote:
> On Sun, May 26, 2002 at 10:24:34PM +0200, Matthias Benkmann wrote:
>>No, maybe this was badly phrased but I meant the term "program" to include
>>boot scripts. Whatever code is executed as bootprog or by code run as
>>bootprog is vulnerable, regardless of whether it's an ELF binary, a Perl
>>script, a shell script or whatever. So the workaround is to be read as
>>"Do not start *anything* that interacts with untrusted users directly or
>>indirectly as bootprog/finalprog/ctrlaltdel".
> So far for convenience of booting into graphical userinterface at boottime.
> Oh well :)
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message
More information about the lfs-security