Date: Wed, 15 Aug 2018 08:45:05 +0000 (UTC) From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r337834 - in head: sbin/init stand/man Message-ID: <201808150845.w7F8j56b089298@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: trasz Date: Wed Aug 15 08:45:05 2018 New Revision: 337834 URL: https://svnweb.freebsd.org/changeset/base/337834 Log: Add SECURITY section to loader(8). Reviewed by: bcr, jilles, imp (earlier version) MFC after: 2 weeks Sponsored by: DARPA, AFRL Differential Revision: https://reviews.freebsd.org/D16700 Modified: head/sbin/init/init.8 head/stand/man/loader.8 Modified: head/sbin/init/init.8 ============================================================================== --- head/sbin/init/init.8 Wed Aug 15 06:42:31 2018 (r337833) +++ head/sbin/init/init.8 Wed Aug 15 08:45:05 2018 (r337834) @@ -31,7 +31,7 @@ .\" @(#)init.8 8.3 (Berkeley) 4/18/94 .\" $FreeBSD$ .\" -.Dd August 14, 2018 +.Dd August 15, 2018 .Dt INIT 8 .Os .Sh NAME @@ -86,6 +86,15 @@ The password check is skipped if the .Em console is marked as .Dq secure . +Note that the password check does not protect from variables +such as +.Va init_script +being set from the +.Xr loader 8 +command line; see the +.Sx SECURITY +section of +.Xr loader 8 . .Pp If the system security level (see .Xr security 7 ) Modified: head/stand/man/loader.8 ============================================================================== --- head/stand/man/loader.8 Wed Aug 15 06:42:31 2018 (r337833) +++ head/stand/man/loader.8 Wed Aug 15 08:45:05 2018 (r337834) @@ -24,7 +24,7 @@ .\" .\" $FreeBSD$ .\" -.Dd August 14, 2018 +.Dd August 15, 2018 .Dt LOADER 8 .Os .Sh NAME @@ -945,6 +945,42 @@ version at compile time. .Nm version. .El +.Sh SECURITY +Access to the +.Nm +command line provides several ways of compromising system security, +including, but not limited to: +.Pp +.Bl -bullet -compact +.It +Booting from removable storage, by setting the +.Va currdev +or +.Va loaddev +variables +.It +Executing binary of choice, by setting the +.Va init_path +or +.Va init_script +variables +.It +Overriding ACPI DSDT to inject arbitrary code into the ACPI subsystem +.El +.Pp +One can prevent unauthorized access +to the +.Nm +command line by setting the +.Va password , +or setting +.Va autoboot_delay +to -1. +See +.Xr loader.conf 5 +for details. +In order for this to be effective, one should also configure the firmware +(BIOS or UEFI) to prevent booting from unauthorized devices. .Sh FILES .Bl -tag -width /usr/share/examples/bootforth/ -compact .It Pa /boot/loader
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201808150845.w7F8j56b089298>