Date: Wed, 17 Sep 2003 18:25:43 -0700
From: Chris Wright
To: John R Moser
Cc: linux-kernel@vger.kernel.org
Subject: Re: Small security option
Message-ID: <20030917182543.A17202@osdlab.pdx.osdl.net>

* John R Moser (jmoser5@student.ccbc.cc.md.us) wrote:
> Why wasn't this done in the first place anyway?
>
> Some sysadmins like to disable the other boot devices and password-protect
> the bios. Good, but if the person can pass init=, you're screwed.
>
> Here's a small patch that does a very simple thing: Disables "init=" and
> using /bin/sh for init. That'll stop people from rooting the box from grub.

If you have this access, you already own the box.

-chris
--
Linux Security Modules http://lsm.immunix.org http://lsm.bkbits.net