Date: Sun, 06 Aug 2017 18:53:42 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 221289] Setting loader.conf password prevents autoboot, manual boot still okay; password leaked Message-ID: <bug-221289-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D221289 Bug ID: 221289 Summary: Setting loader.conf password prevents autoboot, manual boot still okay; password leaked Product: Base System Version: 11.1-STABLE Hardware: amd64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: fred@boyce.za.net Hi Team As my first bug report, I'll take the opportunity to say thanks! to everyone who contributes. I have a fresh install of Free 11.1 in a Parallels VM on my Mac. I used ZFS auto-layout on installation; ZFS seems unrelated to the problem described h= ere. Problem 1: Everything is fine until I add 'password=3D"test"' to the /boot/loader.conf. Rebooting then fails: Loading /boot/defaults/loader.conf can't load 'kernel' no valid kernel found ...and then I'm dropped into the (Forth I think) shell/interpreter. At this point, if I try to "autoboot", I get these errors again: can't load 'kernel' no valid kernel found But if I simply "boot", everything proceeds correctly. The "show" command reveals: kernel=3Dkernel kernel_options=3D ...and the mystic variable "kernelname" is not set at this point (added to boot.c in Git revision https://github.com/freebsd/freebsd/commit/475f83c70ca2a39eacdb9dfe774681a8e= 8c2f305#diff-337b216f8bcf5c9351318742f496b65e). This seems to be a problem beyond just my experience: https://forums.freebsd.org/threads/58292/. It seems to be unrelated to the previous problem described in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D170110. I don't know if it makes a difference that line 80 of sys/boot/common/boot.c calls loadakernel(0, argc - 1, argv + 1); in the boot case, but only loadakernel(0, 0, argv); in the autoboot case? (Sorry, I don't have the understanding to try to debug further). ---- Problem 2: Once we've failed to boot, and dropped to the interpreter, a sim= ple "show" will reveal the boot password in plain text as one of the environment variables. I suppose it would be a kludgy workaround to filter out the pass= word variables from "command_show" in sys/boot/common/commands.c; but that would have other unintended consequences for debugging? Is it not possible to integrate a lightweight hashing function to rather hash the password in loader.conf for comparison in the boot loader? Thanks! --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-221289-8>