Fedora safe/recovery mode

Thomas M Steenholdt tmus at tmus.dk
Sat Mar 3 19:29:28 UTC 2007


Enrico Scholz wrote:
> kagesenshi.87 at gmail.com ("Hikaru Amano") writes:
> 
>>> AP> Seems like it would be advantageous to have a boot target that
>>> AP> goes to runlevel 3 all the time.
>> ...
>> I think he's suggesting a default entry for that in a Fedora
>> installation .. eg: a grub option with the title "Recovery Console"
> 
> /me would expect runlevel 1 behind 'Recovery Console', but not 3...
> 
> 
> Enrico
> 

There are some security considerations with runlevel 1.

On runlevel 2-5, the user is presented with a login screen. I haven't 
tested this in Fedora for some months, but last I checked, runlevel 1 
dropped the user directly in a root shell.

Runlevel 3 is at least as safe as runlevel 5 and could be used with no 
security implications.

So I guess the approach for something like this depends a lot on what 
the rescue shell should be used for? System recovery would probably call 
for runlevel 1 (or perhaps a safe-mode runlevel 2 with no drivers, 
nosmp, noacpi, noapic, nolapic and whatever we can think of), but in the 
runlevel 1 case at least, we should make absolutely sure that 1) the grub 
stanza is password protected and/or 2) the "drop to root shell without a 
password" feature is disabled (for all imaginable scenarios).

I realize that the grub bootloader is not password protected by default 
in Fedora, so putting an init=/bin/bash on the kernel cmdline and 
booting is an easy way in. But for the setups that actually try to 
protect against these easy ways in, we should be really careful not to 
introduce a just-as-easy backdoor via the new recovery option...

/Thomas
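
A defensive audit of the two conditions named in the message above, added here as an example and not part of the original post. It assumes GRUB legacy `grub.conf` syntax (`password`, `lock`) and a sysvinit `/etc/inittab` in which `sulogin` guards single-user mode; the sample files, the placeholder hash and the function names are constructed for illustration.

```python
import re

# Constructed samples (GRUB legacy grub.conf, sysvinit inittab); hash is a placeholder.
GRUB_CONF = """\
default=0
password --md5 $1$PLACEHOLDER$PLACEHOLDERHASH
title Fedora
    kernel /vmlinuz ro root=/dev/VolGroup00/LogVol00 rhgb quiet
title Recovery Console
    kernel /vmlinuz ro root=/dev/VolGroup00/LogVol00 single
"""
INITTAB = """\
id:5:initdefault:
#~~:S:wait:/sbin/sulogin
"""

# Kernel arguments that lead to a shell instead of the normal login prompt.
RESCUE_ARG = re.compile(r"(1|s|single|emergency|init=\S+)", re.IGNORECASE)

def audit_grub(text):
    """Return findings for a GRUB legacy config as a list of strings."""
    findings, title, global_pw, guarded = [], None, False, False
    for line in (l.strip() for l in text.splitlines()):
        word, _, rest = line.partition(" ")
        if word == "title":
            title, guarded = rest.strip(), False
        elif word == "password" and title is None:
            global_pw = True   # blocks interactive editing of menu entries
        elif word == "password" or (word == "lock" and global_pw):
            guarded = True     # lock only takes effect when a global password is set
        elif word == "kernel" and title is not None and not guarded:
            # Skip the kernel image path, then look at each boot argument.
            if any(RESCUE_ARG.fullmatch(a) for a in rest.split()[1:]):
                findings.append(f"entry '{title}' passes a rescue argument and is not locked")
    if not global_pw:
        findings.append("no global password: any entry can be edited at boot")
    return findings

def single_user_needs_password(inittab):
    """True if an active inittab line runs sulogin for single-user mode (S)."""
    for line in inittab.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and not line.lstrip().startswith("#"):
            if "S" in fields[1] and "sulogin" in fields[3]:
                return True
    return False

if __name__ == "__main__":
    for finding in audit_grub(GRUB_CONF):
        print("grub.conf:", finding)
    print("inittab requires password for single-user:", single_user_needs_password(INITTAB))
```

On the constructed sample, the global password stops menu editing but the "Recovery Console" entry is still selectable by anyone, and the commented-out `sulogin` line means single-user mode would not ask for the root password.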



