Red Hat Bugzilla – Bug 167553
Good: FutureFeature to be added at next release
Last modified: 2014-03-16 22:55:44 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030922
Description of problem:
Of course modifying boot scripts is by no means that difficult. However, it is a matter of utmost importance as it will only enhance security being implemented as a default solution.
Prompt the user before loading of devfs, if the user chooses to run it - or during the call in the /etc/rc*scripts for /sbin/init, how the user wants to log in( i.e. default run-level for the preferred login). It is also a good idea to add to the etc/rc.d/init.d scripts the option of running processes as user or root.
I believe TRUE root should not be running X. There are far to many processes a hacker may access if someone chooses to run X as root though it is foolish.
The xfs filesystem daemon should only be invoked in a chroot directory for the same reason. I don't think it would hurt if first-boot carried the user into X to implement the desired situation. In this manner, a FutureFeature-Dialog could interact with the user to produce the end result.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.call of /sbin/init
- there is no loading of devfs
- there is no 'xfs filesystem daemon'
- there already is the --user option to daemon in /etc/init.d/functions for
scripts to run as an alternate user
- you can pass the default level on the commandline
- by loading devfs I am speaking of implimenting devfs in the scripts after the
daemon is compiled.
- as far as no xfs daemon there ought to be... please hear me.
GNU already has the ability to wrap sshd around tcpd and tcpd around what ever
else: if an xfs daemon is created, one can tunnel xfs so as to not take up the
whole of the screen. You can bring up different terminal windows this way when
the wrapping is as so... sshd -> tcpd -> xfsd. This scenario would give one the
ability to bring up the different terminal windows in different colors to
indicate different warning levels of state change or intrusion.
This way you can diagnose all of your processes in real-time at every run-level
at the same-time.