[Mageia-dev] bug, omission or feature

Sun Jun 3 17:52:47 CEST 2012

'Twas brillig, and Richard Couture at 03/06/12 12:27 did gyre and gimble:
+> I notice that when, at the end of the installation of MGA2, I select the
+> level of security as HIGH, that I am permitted entry into the system in
+> Linux Single mode without a challenge password, which is a new, and IMHO
+> undesirable, behavior from previous versions.
+> 
+> Is this a new feature, or have I stumbled upon a bug?
+> 
+> The /etc/inittab does have ~~:S:wait:/sbin/sulogin in it but I can get
+> in without a password... Must be something new in system D
+
+/etc/inittab is no longer used or read.
+
+For single user mode now-a-days we boot to rescue.target (this is done
+automatically if you just put a 1 at the end of the kernel command line
+to support "runlevel 1").
+
+Ultimately this pulls in rescue.service
+
+This file should source the contents of /etc/sysconfig/init and then
+execute:
+
+/bin/bash -c "exec ${SINGLE}"
+
+So please check /etc/sysconfig/init and make sure SINGLE is set to
+/sbin/sulogin rather than /sbin/sushell.
+
+However you will see from previous threads that I'm not convinced
+sulogin is actually working all that well just now and it some
+pre-release testing it didn't run properly for me.
+
+
+
+On the whole, this kind of "security" is basically bullshit anyway. It
+might make things a tiny bit harder, but if you can get into the
+bootloader to append a 1 on the command line, you can also append
+init=/bin/bash too which totally bypasses everything too. So while it's
+maybe a nice idea, for all practical purposes, it's not any kind of real
+security anyway, so don't rely on it!
+
+
+Col
+
+
+
+-- 
+
+Colin Guthrie
+colin(at)mageia.org
+http://colin.guthr.ie/
+
+Day Job:
+  Tribalogic Limited http://www.tribalogic.net/
+Open Source:
+  Mageia Contributor http://www.mageia.org/
+  PulseAudio Hacker http://www.pulseaudio.org/
+  Trac Hacker http://trac.edgewall.org/
+