Debian Bug report logs - #145244
Securing Debian Manual: desactivating prompt when the system is brought up

Package: harden-doc; Maintainer for harden-doc is Javier Fernandez-Sanguino Pen~a <jfs@computer.org>; Source for harden-doc is src:harden-doc.

Reported by: Yann Forget <yann@codalis.ch>

Date: Tue, 30 Apr 2002 11:33:02 UTC

Severity: important

Tags: moreinfo, security

Done: Javier Fernández-Sanguino Peña <jfs@computer.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, James Treacy and others <debian-www@lists.debian.org>, www.debian.org@packages.qa.debian.org:
Bug#145244; Package www.debian.org. Full text and rfc822 format available.

Acknowledgement sent to Yann Forget <yann@codalis.ch>:
New Bug report received and forwarded. Copy sent to James Treacy and others <debian-www@lists.debian.org>, www.debian.org@packages.qa.debian.org. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Yann Forget <yann@codalis.ch>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Securing Debian Manual: desactivating prompt when the system is brought up
Date: Tue, 30 Apr 2002 13:19:13 +0200
Package: www.debian.org
Version: N/A; reported 2002-04-30
Severity: important
Tags: security

In the Securing Debian Manual, this no mention on how to desactivate the prompt
when the system is brought up.

The answer is in man mkinitrd.conf:

"DELAY  The  number  of seconds the linuxrc script should wait to
 allow the user to interrupt it before the system is brought up."

This feature is a potential security problem.
OMHO, it should even be desactivated by default.
At the very least, it should be documented in the Securing Manual.

Thanks,
Yann

-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux r2d2 2.4.18-686 #1 Sun Apr 14 11:32:47 EST 2002 i686
Locale: LANG=fr_FR@euro, LC_CTYPE=fr_FR@euro




Bug reassigned from package `www.debian.org' to `harden-doc'. Request was from Matt Kraai <kraai@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Javier Fernández-Sanguino Peña <jfs@computer.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Yann Forget <yann@codalis.ch>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #12 received at 145244-close@bugs.debian.org (full text, mbox):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>
To: Yann Forget <yann@codalis.ch>, 145244-close@bugs.debian.org
Subject: Re: Bug#145244: Securing Debian Manual: desactivating prompt when the system is brought up
Date: Tue, 30 Apr 2002 21:54:13 +0200
On Tue, Apr 30, 2002 at 01:19:13PM +0200, Yann Forget wrote:
> 
> In the Securing Debian Manual, this no mention on how to desactivate the prompt
> when the system is brought up.

	This information has been added. Also, please notice that this
does not seem to bother the woody installation since the default kernel is
*not* 2.4.
	I'm committing changes to the Securing Debian Manual and closing
this.

	Javi



Information forwarded to debian-bugs-dist@lists.debian.org, Ola Lundqvist <opal@debian.org>, harden@packages.qa.debian.org:
Bug#145244; Package harden-doc. Full text and rfc822 format available.

Acknowledgement sent to opal@debian.org:
Extra info received and forwarded to list. Copy sent to Ola Lundqvist <opal@debian.org>, harden@packages.qa.debian.org. Full text and rfc822 format available.

Message #17 received at 145244@bugs.debian.org (full text, mbox):

From: Ola Lundqvist <opal@debian.org>
To: 145244@bugs.debian.org, Yann Forget <yann@codalis.ch>
Cc: control@bugs.debian.org
Subject: The defaults have changed.
Date: Tue, 7 May 2002 08:50:46 +0200
tags 145244 + moreinfo
thanks

Hi

The defaults for the kernel delay have been changed to 0
(not possible anymore). Do you still think this is a
problem then.

Anyway you can always go behind the cenes when using
lilo. You could type lilo root=xxx initrd=foo etc. But well yes
it could be mentioned in the manual.

Regards,

// Ola

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------



Tags added: moreinfo Request was from Ola Lundqvist <opal@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 08:20:50 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.