SVN: geninitrd/trunk/geninitrd

arekm arekm at pld-linux.org
Sun Mar 2 22:21:58 CET 2008


Author: arekm
Date: Sun Mar  2 22:21:57 2008
New Revision: 9559

Modified:
   geninitrd/trunk/geninitrd
Log:
debugshell is potential security weakness so make it dependant on sysconfig/system:RUN_SULOGIN_ON_ERR

Modified: geninitrd/trunk/geninitrd
==============================================================================
--- geninitrd/trunk/geninitrd	(original)
+++ geninitrd/trunk/geninitrd	Sun Mar  2 22:21:57 2008
@@ -17,6 +17,7 @@
 
 . /etc/rc.d/init.d/functions
 . /etc/geninitrd/functions
+. /etc/sysconfig/system
 
 COMPRESS=yes
 USERAIDSTART=yes
@@ -1842,7 +1843,17 @@
 	# make debugshell() invoke subshell if $DEBUGINITRD=sh
 	if [ "$DEBUGINITRD" = "sh" ]; then
 		debugshell() {
-			sh
+EOF
+if is_yes "$RUN_SULOGIN_ON_ERR"; then
+add_linuxrc <<-'EOF'
+	echo "debug shell disabled by /etc/sysconfig/system:RUN_SULOGIN_ON_ERR setting"
+EOF
+else
+add_linuxrc <<-'EOF'
+	sh
+EOF
+fi
+add_linuxrc <<-'EOF'
 		}
 	else
 		debugshell() {


More information about the pld-cvs-commit mailing list