Package: initramfs-tools Version: 0.92l Hello,
initrams created by initramfs-tools default to opening shell access to the system on errors. This is an insecure default. Errors can be induced on otherwise secured systems in many ways, like plugging in USB sticks, eSATA devices, entering wrong passphrases, or whatever. The rest of the system tries to ensure not to give away unauthorized (root) shells by asking for passwords when entering maintenance or single user mode, etc. I know that initrams can be tweaked not to bail to a shell as a side-effect of setting the panic= kernel parameter. However, users have to explicitely choose this secure way. A cleaner approach w.r.t. secure defaults, IMHO, would be to let users choose the insecure way by setting a `bailtoshell' parameter or something like that (probably at the kernel commandline to allow emergency intervention). I'm not sure about the severity of this bug report, so I leave that up to you. regards Mario -- > As Luke Leighton said once on samba-ntdom, "now, what was that about > rebooting? that was so long ago, i had to look it up with man -k."
signature.asc
Description: Digital signature
