From owner-svn-src-head@freebsd.org  Wed Aug 15 08:45:06 2018
Return-Path: <owner-svn-src-head@freebsd.org>
Delivered-To: svn-src-head@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id BE07E107A02E;
 Wed, 15 Aug 2018 08:45:06 +0000 (UTC)
 (envelope-from trasz@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 7447E807DB;
 Wed, 15 Aug 2018 08:45:06 +0000 (UTC)
 (envelope-from trasz@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 3CD9527F37;
 Wed, 15 Aug 2018 08:45:06 +0000 (UTC)
 (envelope-from trasz@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w7F8j61N089300;
 Wed, 15 Aug 2018 08:45:06 GMT (envelope-from trasz@FreeBSD.org)
Received: (from trasz@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id w7F8j56b089298;
 Wed, 15 Aug 2018 08:45:05 GMT (envelope-from trasz@FreeBSD.org)
Message-Id: <201808150845.w7F8j56b089298@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: trasz set sender to
 trasz@FreeBSD.org using -f
From: Edward Tomasz Napierala <trasz@FreeBSD.org>
Date: Wed, 15 Aug 2018 08:45:05 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-all@freebsd.org,
 svn-src-head@freebsd.org
Subject: svn commit: r337834 - in head: sbin/init stand/man
X-SVN-Group: head
X-SVN-Commit-Author: trasz
X-SVN-Commit-Paths: in head: sbin/init stand/man
X-SVN-Commit-Revision: 337834
X-SVN-Commit-Repository: base
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-src-head@freebsd.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: SVN commit messages for the src tree for head/-current
 <svn-src-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-head/>
List-Post: <mailto:svn-src-head@freebsd.org>
List-Help: <mailto:svn-src-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-src-head>,
 <mailto:svn-src-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Aug 2018 08:45:07 -0000

Author: trasz
Date: Wed Aug 15 08:45:05 2018
New Revision: 337834
URL: https://svnweb.freebsd.org/changeset/base/337834

Log:
  Add SECURITY section to loader(8).
  
  Reviewed by:	bcr, jilles, imp (earlier version)
  MFC after:	2 weeks
  Sponsored by:	DARPA, AFRL
  Differential Revision:	https://reviews.freebsd.org/D16700

Modified:
  head/sbin/init/init.8
  head/stand/man/loader.8

Modified: head/sbin/init/init.8
==============================================================================
--- head/sbin/init/init.8	Wed Aug 15 06:42:31 2018	(r337833)
+++ head/sbin/init/init.8	Wed Aug 15 08:45:05 2018	(r337834)
@@ -31,7 +31,7 @@
 .\"     @(#)init.8	8.3 (Berkeley) 4/18/94
 .\" $FreeBSD$
 .\"
-.Dd August 14, 2018
+.Dd August 15, 2018
 .Dt INIT 8
 .Os
 .Sh NAME
@@ -86,6 +86,15 @@ The password check is skipped if the
 .Em console
 is marked as
 .Dq secure .
+Note that the password check does not protect from variables
+such as
+.Va init_script
+being set from the
+.Xr loader 8
+command line; see the
+.Sx SECURITY
+section of
+.Xr loader 8 .
 .Pp
 If the system security level (see
 .Xr security 7 )

Modified: head/stand/man/loader.8
==============================================================================
--- head/stand/man/loader.8	Wed Aug 15 06:42:31 2018	(r337833)
+++ head/stand/man/loader.8	Wed Aug 15 08:45:05 2018	(r337834)
@@ -24,7 +24,7 @@
 .\"
 .\" $FreeBSD$
 .\"
-.Dd August 14, 2018
+.Dd August 15, 2018
 .Dt LOADER 8
 .Os
 .Sh NAME
@@ -945,6 +945,42 @@ version at compile time.
 .Nm
 version.
 .El
+.Sh SECURITY
+Access to the
+.Nm
+command line provides several ways of compromising system security,
+including, but not limited to:
+.Pp
+.Bl -bullet -compact
+.It
+Booting from removable storage, by setting the
+.Va currdev
+or
+.Va loaddev
+variables
+.It
+Executing binary of choice, by setting the
+.Va init_path
+or
+.Va init_script
+variables
+.It
+Overriding ACPI DSDT to inject arbitrary code into the ACPI subsystem
+.El
+.Pp
+One can prevent unauthorized access
+to the
+.Nm
+command line by setting the
+.Va password ,
+or setting
+.Va autoboot_delay
+to -1.
+See
+.Xr loader.conf 5
+for details.
+In order for this to be effective, one should also configure the firmware
+(BIOS or UEFI) to prevent booting from unauthorized devices.
 .Sh FILES
 .Bl -tag -width /usr/share/examples/bootforth/ -compact
 .It Pa /boot/loader