Recompile initramfs equivalent?

So I have this weird security issue where on my Linux install I get suspicious behavior upon reboot sometimes. I reboot, try to mount some stuff, and out of the blue it tells me something has changed in the /etc/fstab file, it was modified or something. Very strange. Never happened before. Nothing gets modified. This warning goes away if I recompile my initramfs, which is very easy: I run dracut on Fedora. After rebooting, no weird things happen when I try to mount things. I don't know what this could be... maybe my initramfs gets compromised/corrupted somehow?

Regardless, how would I do this on FreeBSD easily? From the little I gather FreeBSD is monolithic as in there's only the kernel and nothing else. Does this mean I must recompile kernel every time? I know OpenBSD has random linking of kernel parts during bootup....can this be done on FreeBSD?
 
Linux initramfs is a whole userland with shell and all that. FreeBSD has no equivalent.

It is not clear to me what you want to happen. Some limited functionality that is done in userspace in Linux initramfs is indeed built into the FreeBSD kernel. You control that with loader.conf variables. There is no file tree to explore like with initrd.
 
> Some limited functionality that is done in userspace in Linux initramfs is indeed built into the FreeBSD kernel.
What functionality?
EDIT: Never mind, I chatgpt'd it. I guess the point is then that you just recompile the kernel if there are any issues like what I described. Still wondering then if there has been any talk of implementing dynamic runtime re-linking of kernel at boot for FreeBSD?
 
I'm not sure what runtime linking other than the loadable modules is useful. Can you give an example?

As for functionality that is in kernel code, an example is the code to take a key and optionally a passphrase and mount encrypted block devices. In Linux you just use the same userland util you use after boot, and it is in the initrd. In FreeBSD the kernel itself knows how to do it and you give loader.conf variables to make choices.

Recompiling the kernel after a compromise is as potentially futile as rebuilding the initrd. You are running the compromised kernel (or after the compromised initrd), so that kernel could re-compromise your new kernel or initrd when it is being built.
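
The last reply's point, that a compromised kernel cannot be trusted to rebuild or vouch for its own boot files, leads to checking those files from trusted media against hashes recorded earlier and kept offline. The following is an added example, not part of the thread; the watch list, function names and the constructed sample tree are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed watch list (not from the thread): boot-time files on a FreeBSD root.
WATCHED = ["boot/kernel/kernel", "boot/loader.conf", "etc/fstab"]

def sha256_file(path):
    """Stream a file through SHA-256 so a large kernel is not read in one go."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_manifest(root, rel_paths=WATCHED):
    """Map each watched path to its hash, or None when the file is absent."""
    manifest = {}
    for rel in rel_paths:
        target = Path(root) / rel
        manifest[rel] = sha256_file(target) if target.is_file() else None
    return manifest

def compare(baseline, current):
    """Return {path: status} for every path that differs from the baseline."""
    report = {}
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old != new:
            report[rel] = "added" if old is None else "missing" if new is None else "modified"
    return report

def demo():
    """Constructed sample tree standing in for a suspect root mounted read-only."""
    with tempfile.TemporaryDirectory() as root:
        for rel in WATCHED:
            path = Path(root) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample: " + rel.encode())
        baseline = build_manifest(root)  # recorded while the system was trusted
        (Path(root) / "etc/fstab").write_bytes(b"constructed sample: changed")
        (Path(root) / "boot/loader.conf").unlink()
        return compare(baseline, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

Run the comparison from rescue media with the suspect root mounted read-only, and keep the baseline manifest somewhere the suspect system cannot write to.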
 