Avoiding Security Problem in ZENworks 7
Novell Cool Solutions: Tip
By Leon van Lare
Digg This -
Posted: 17 May 2006
"Leon's solution should work, but if you have ZDM6.5SP2 or ZDM7, there is a much easier way - the linuxrc command noshell. If you include noshell=1 in the settings.txt (for the bootcd), in the .cfg file for linux servers, to the .cmd files for NetWare servers, then you will still get terminals 3 and 4 (which are read only), but you will lose the terminals which allow input."
We detected a security problem in the linux-2.6.7 kernel of ZENworks 7. The new kernel in the zen7-pxe-boot allows users to use the alternate console through alt+f2, alt+f3, etc.
A possible solution lies within the editing of prompt.s and the tool fuser
- Copy from the tftp-directory initrd to a Linux-workstation.
- mv initrd initrd.gz
mount -o loop initrd [mount point]
- cd /path-to-mountpoint
edit prompt.s with your favorite editor
I added after the line with getmenu:
fuser -9 -k /dev/tty2
fuser -9 -k /dev/tty9
fuser -9 -k /dev/tty6
fuser -9 -k /dev/tty5
Save prompt.s and return to the initial path
- umount [mount point]
mv initrd.gz initrd
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com