Date: Sat, 21 Mar 2015 01:33:53 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-bugs@FreeBSD.org
Subject: [Bug 198760] loader.conf(5)/check-password.4th(8): bootlock_password exceeding 16 characters creates unbootable system
Message-ID: <bug-198760-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198760

Bug ID: 198760
Summary: loader.conf(5)/check-password.4th(8): bootlock_password exceeding 16 characters creates unbootable system
Product: Base System
Version: 9.2-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs@FreeBSD.org
Reporter: dteske@FreeBSD.org

When utilizing the bootlock_password feature of loader.conf(5) (see check-password.4th(8) for additional details) introduced in FreeBSD 9.2-RELEASE, if you set a password that exceeds 16 characters in length, the system cannot be booted since check-password.4th does a comparison between the full contents of $bootlock_password and the 16-byte-max user input.

check-password.4th should instead truncate the loader.conf(5) variable contents to the maximum allowable length prior to comparison against user-input. This would allow a system to boot if the user is knowledgeable of the input limit while the loader.conf setting exceeds maximum user-input -- the alternative being that you absolutely must use a LiveCD to recover from the situation of innocuously setting a value that is greater than 16 characters in length.

NB: An enhancement coming soon will increase the maximum length to 255 characters which will make it less likely that folks will hit this -- but despite that, the solution of making a truncated comparison will alleviate the situation of making an unbootable system unintentionally.

--
You are receiving this mail because:
You are the assignee for the bug.
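The comparison described in the report, modelled in C as an added example; it is not part of the original message and is not the loader's Forth code. The function names, the INPUT_MAX constant and the sample password are assumptions made for illustration; only the 16-byte input limit comes from the report.

```c
#include <stdio.h>
#include <string.h>

#define INPUT_MAX 16  /* input limit stated in the bug report */

/* Model the prompt: keep at most INPUT_MAX bytes of what was typed. */
static size_t read_capped(const char *typed, char *buf)
{
    size_t n = strlen(typed);
    if (n > INPUT_MAX)
        n = INPUT_MAX;
    memcpy(buf, typed, n);
    return n;
}

/* Reported behaviour: full stored value compared with the capped input. */
int check_full(const char *stored, const char *typed)
{
    char buf[INPUT_MAX];
    size_t n = read_capped(typed, buf);
    return n == strlen(stored) && memcmp(stored, buf, n) == 0;
}

/* Proposed behaviour: truncate the stored value to INPUT_MAX first. */
int check_truncated(const char *stored, const char *typed)
{
    char buf[INPUT_MAX];
    size_t n = read_capped(typed, buf);
    size_t slen = strlen(stored);
    if (slen > INPUT_MAX)
        slen = INPUT_MAX;
    /* Lengths must still match, so a shorter prefix is not accepted. */
    return n == slen && memcmp(stored, buf, n) == 0;
}

int main(void)
{
    const char *stored = "correct-horse-battery";  /* constructed, 21 chars */
    printf("full, whole password typed:      %d\n", check_full(stored, stored));
    printf("truncated, whole password typed: %d\n", check_truncated(stored, stored));
    printf("truncated, first 16 typed:       %d\n", check_truncated(stored, "correct-horse-ba"));
    printf("truncated, short prefix typed:   %d\n", check_truncated(stored, "correct"));
    return 0;
}
```

With the truncated comparison, only the first 16 characters of the configured value are effective, so anything past that limit adds no strength.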