Avoiding a Security Problem in ZENworks 7

By Leon van Lare

Posted: 17 May 2006

"Leon's solution should work, but if you have ZDM6.5SP2 or ZDM7, there is a much easier way - the linuxrc command noshell. If you include noshell=1 in the settings.txt (for the bootcd), in the .cfg file for linux servers, to the .cmd files for NetWare servers, then you will still get terminals 3 and 4 (which are read only), but you will lose the terminals which allow input."

Shaun Pond
ZENworks Product Specialist
Novell, Inc.

We detected a security problem in the linux-2.6.7 kernel of ZENworks 7. The new kernel in zen7-pxe-boot lets users switch to the alternate consoles with Alt+F2, Alt+F3, etc.

A possible solution is to edit prompt.s and use the fuser tool to kill the processes attached to the extra terminals:

  1. Copy initrd from the TFTP directory to a Linux workstation.

  2. mv initrd initrd.gz
    gunzip initrd.gz
    mount -o loop initrd [mount point]

  3. cd /path-to-mountpoint
    cd bin
    edit prompt.s with your favorite editor

    I added after the line with getmenu:

    fuser -9 -k /dev/tty2
    fuser -9 -k /dev/tty9
    fuser -9 -k /dev/tty6
    fuser -9 -k /dev/tty5

    Save prompt.s and return to the initial path

  4. umount [mount point]
    gzip initrd
    mv initrd.gz initrd
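
Steps 2 to 4 as a repeatable script, so the edit can be reapplied whenever the initrd is replaced. This is an added example, not part of the original tip; the function names patch_prompt and rebuild_initrd are hypothetical, and it assumes prompt.s sits in bin/ inside the initrd and contains a line mentioning getmenu, as described above.

```shell
#!/bin/sh
# Added example (not from the original tip): automate steps 2-4.
# Assumptions: bin/prompt.s exists in the initrd and has a "getmenu" line;
# the terminal list is the one used in the tip.
TTYS="2 9 6 5"

# Insert the fuser lines after the first line containing "getmenu".
# Idempotent: a file that already carries the lines is left untouched.
# Returns 0 when patched or already patched, 1 when no getmenu line exists.
patch_prompt() {
    file=$1
    grep -q 'getmenu' "$file" || return 1
    grep -q '^fuser -9 -k /dev/tty' "$file" && return 0
    tmp=$(mktemp) || return 1
    awk -v ttys="$TTYS" '
        { print }
        /getmenu/ && !done {
            n = split(ttys, t, " ")
            for (i = 1; i <= n; i++) print "fuser -9 -k /dev/tty" t[i]
            done = 1
        }' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps mode and owner
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Unpack, patch and repack an initrd copied from the TFTP directory.
# Needs root for the loop mount. Usage: rebuild_initrd ./initrd /mnt/initrd
rebuild_initrd() {
    initrd=$1; mnt=$2
    cp -p "$initrd" "$initrd.orig" || return 1        # rollback copy
    mv "$initrd" "$initrd.gz" && gunzip "$initrd.gz" || return 1
    mount -o loop "$initrd" "$mnt" || return 1
    patch_prompt "$mnt/bin/prompt.s"; rc=$?
    umount "$mnt" || return 1                         # always unmount
    gzip "$initrd" && mv "$initrd.gz" "$initrd" || return 1
    return $rc                                        # 1 = prompt.s not patched
}
```

A non-zero return from rebuild_initrd means the repacked image must not be deployed; restore the .orig copy instead.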

