Your message dated Sun, 31 Aug 2014 07:34:00 +0000
with message-id <e1xnzec-0007r4...@franck.debian.org>
and subject line Bug#751488: fixed in initramfs-tools 0.116
has caused the Debian Bug report #751488,
regarding initramfs-tools: Shell spawned despite panic=0
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
751488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751488
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: initramfs-tools
Version: 0.109.1
Severity: critical
Tags: patch
Hi,
I've set panic=0 as a kernel cmdline argument which should trigger a
reboot instead of spawning a shell. However, the reboot seems to be
ineffective and a shell is spawned nevertheless. This is unpleasing
since spawn=0 is "marketed" as a security feature in
initramfs-tools(8):
    panic sets an timeout on panic. panic=<sec> is a documented
    security feature: it disables the debug shell.
Output on screen:
    Loading, please wait ...
    Spawning shell within the initramfs
    Rebooting automatically due to panic= boot argument
    BusyBox v1.20.2 (Debian 1:1.20.0-7) built-in shell (ash)
    Enter 'help' for a list of built-in commands.
    /bin/sh: can't access tty; job control turned off
    (initramfs) _
The commands halt, reboot, etc. don't work either.
To fix the security impact of an open shell I propose to at least add a
return after the reboot command so that if the reboot is effectively a
NOP still no shell is spawned.
diff --git a/scripts/functions b/scripts/functions
index 5352f1d..de64494 100644
--- a/scripts/functions
+++ b/scripts/functions
@@ -43,6 +43,7 @@ panic()
echo "Rebooting automatically due to panic= boot argument"
sleep ${panic}
reboot
+ return
fi
modprobe -v i8042 || true
modprobe -v atkbd || true
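Review bot: the added `return` after `reboot` hands control back to whatever called panic() instead of stopping there, so when `reboot` is effectively a no-op (the case this report describes) the calling boot script carries on past the point where it decided it could not continue. The callers are not visible in this hunk; either confirm that none of them proceed after panic() returns, or replace the bare `return` with a construct that cannot fall through, such as a loop that sleeps indefinitely, and print a message saying the reboot did not take effect so the state is visible on the console. Also worth a look while touching this block: `sleep ${panic}` expands the boot argument unquoted and unvalidated, so a non-numeric panic= value makes `sleep` fail before `reboot` is reached.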
Regards,
Lukas
--- End Message ---
--- Begin Message ---
Source: initramfs-tools
Source-Version: 0.116
We believe that the bug you reported is fixed in the latest version of
initramfs-tools, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 751...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Prokop <m...@debian.org> (supplier of updated initramfs-tools package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 31 Aug 2014 00:12:42 -0700
Source: initramfs-tools
Binary: initramfs-tools
Architecture: source all
Version: 0.116
Distribution: unstable
Urgency: medium
Maintainer: Debian kernel team <debian-ker...@lists.debian.org>
Changed-By: Michael Prokop <m...@debian.org>
Description:
initramfs-tools - generic modular initramfs generator
Closes: 633582 679436 689558 697368 745731 748805 750360 751143 751488
Changes:
initramfs-tools (0.116) unstable; urgency=medium
.
The "DebConf14" release
.
[ Helge Deller ]
* [cee3e18] get_fstype: initialize FSTYPE variable (Closes: #745731)
.
[ maximilian attems ]
* [7bc24f8] scripts/nfs: fix nfs mount check for possible init symlink
(Closes: #750360)
.
[ Aurelien Jarno ]
* [2e325a2] hook-functions: add support for virtio-mmio
(Closes: #751143)
.
[ Michael Prokop ]
* [4c0338a] Fix hidden dependency issue with btrfs and crc32c. Thanks to
Markus Wanner <mar...@bluegap.ch> for the analysis and patch
(Closes: #748805)
* [2290173] Do not spawn shell when panic=... is used. Thanks to Lukas
Anzinger <l.anzin...@gmail.com> for the analysis and patch
(Closes: #751488)
* [0e914d0] Preserve file permissions if root builds the initramfs
images. Thanks to Harald Hoyer <har...@redhat.com> for providing the
patch in dracut (Closes: #633582)
* [39d0561] Support drop_capabilities=... boot option. Thanks to Kees
Cook <k...@debian.org> for the patch (Closes: #679436)
* [3d6fe1e] Support MODULES=dep usage on i2o hardware RAID controller.
Thanks to Stephen Powell <zlinux...@wowway.com> for the patch
(Closes: #689558)
* [a5126cf] Support usage of partitioned nbd devices with MODULES=dep.
Thanks to Ian Campbell <i...@hellion.org.uk> for the patch
(Closes: #697368)
* [ebeffcd] Inform user that lsinitramfs doesn't support cpio archives
yet. Thanks to Javier Barroso <javibarr...@gmail.com> for the initial
patch
* [ad7ab64] Bump Standards-Version to 3.9.5
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlQCzFoACgkQ2N9T+zficugn9QCdEdZRfghx9mUPPXdY3qlNxCGF
qZcAn07eQgmPvNDYsgz68/bplP9dqYXf
=Vo4t
-----END PGP SIGNATURE-----
--- End Message ---