ctrl-c during boot != good
Dan Williams
dcbw at redhat.com
Sun Sep 24 03:43:45 UTC 2006
On Sat, 2006-09-23 at 19:45 +0200, Ola Thoresen wrote:
> > Bill, doesn't the facility already exist for those people? Namely
> > "interactive boot"?
> >
> > Enabling this seems like a very bad tradeoff security wise. It is
> > friendly/easier to always login to the GUI as root but we don't because
> > that is bad security practice.
>
> If the facility already exists with "interactive boot", then why would
> it have any implications to be able to ctrl-c in addition?
>
> I have a few services starting at boot that depends on network (mounting
> of NFS-shares, connectiong to LDAP-servers and so on) which makes
> booting without network a _real_ pain.
Maybe those services should get fixed to check for the existence of a
network connection before trying to do what they do. Rather than
hacking around dumb apps, we should fix the problem at the source.
Dan
> 99.9% of the time, I am connected to the network, and this is no
> problem. But the remaining 0.1% is normally when I need to boot _fast_
> - because there is a problem with the network, and I need the laptop to
> fix it.
>
> I _could_ remember to boot into runlevel 1 and start neccessary services
> manually.
> Or I _could_ remember to press I for interactive boot.
> But it is _so_ much easier to just press ctrl-c when the boot hangs on
> "mounting nfs shares" instead of having to reboot again.
>
> It could ofcourse be made configureable, but then the same thing should
> be done for the "Interactive boot". Then there are times when you need
> it even if it is turned off in the config-file, so you would need to be
> able to override it from grub, and then my question is - what are the
> _real_ security gained from this?
>
>
>
More information about the fedora-devel-list
mailing list