Novell Cool Solutions

Avoiding Security Problem in ZENworks 7


May 17, 2006 12:00 am





“Leon’s solution should work, but if you have ZDM6.5SP2 or ZDM7, there is a much easier way – the linuxrc command noshell. If you include noshell=1 in the settings.txt (for the bootcd), in the .cfg file for linux servers, to the .cmd files for NetWare servers, then you will still get terminals 3 and 4 (which are read only), but you will lose the terminals which allow input.”

Shaun Pond–
ZENworks Product Specialist
Novell, Inc.

We detected a security problem in the linux-2.6.7 kernel of ZENworks 7. The new kernel in the zen7-pxe-boot allows users to use the alternate console through alt+f2, alt+f3, etc.

A possible solution lies within the editing of prompt.s and
the tool fuser

  1. Copy from the tftp-directory initrd to a Linux-workstation.
  2. mv initrd initrd.gz
    gunzip initrd.gz
    mount -o loop initrd [mount point]
  3. cd /path-to-mountpoint
    cd bin
    edit prompt.s with your favorite editor

    I added after the line with getmenu:

    fuser -9 -k /dev/tty2
    fuser -9 -k /dev/tty9
    fuser -9 -k /dev/tty6
    fuser -9 -k /dev/tty5

    Save prompt.s and return to the initial path

  4. umount [mount point]
    gzip initrd
    mv initrd.gz initrd
0 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 50 votes, average: 0.00 out of 5 (0 votes, average: 0.00 out of 5)
You need to be a registered member to rate this post.

Categories: Uncategorized


Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.