From owner-cvs-all  Mon Dec 10 22: 5:20 2001
Delivered-To: cvs-all@freebsd.org
Received: from espresso.q9media.com (espresso.q9media.com [216.254.138.122])
	by hub.freebsd.org (Postfix) with ESMTP
	id 954BF37B416; Mon, 10 Dec 2001 22:05:17 -0800 (PST)
Received: (from mike@localhost)
	by espresso.q9media.com (8.11.6/8.11.6) id fBB63aT29653;
	Tue, 11 Dec 2001 01:03:36 -0500 (EST)
	(envelope-from mike)
Date: Tue, 11 Dec 2001 01:03:36 -0500
From: Mike Barcroft <mike@FreeBSD.org>
To: Paul Richards <paul@freebsd-services.com>
Cc: Mike Silbersack <silby@silby.com>,
	Alfred Perlstein <bright@mu.org>, John Baldwin <jhb@FreeBSD.org>,
	mini@haikugeek.com, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID: <20011211010336.Q1956@espresso.q9media.com>
References: <20011210201909.O92148@elvis.mu.org> <Pine.BSF.4.30.0112102122001.22013-100000@niwun.pair.com> <20011210221836.N1956@espresso.q9media.com> <616630000.1008044969@lobster.originative.co.uk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <616630000.1008044969@lobster.originative.co.uk>; from paul@freebsd-services.com on Tue, Dec 11, 2001 at 04:29:29AM -0000
Organization: The FreeBSD Project
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG

Paul Richards <paul@freebsd-services.com> writes:
> You need the superuser password to get to single user if the console is
> secure. The loader can be used to circumvent that now.

Interesting, I hadn't seen that before.  This is probably only useful
at preventing people that don't have an account on the system, and
don't have physical access to the harddisk, CD-ROM/DVD-ROM, or floppy
drives from gaining root.  To gain root from an account and console
access, one need only craft an init(8) and change the loader
init_path.

Perhaps a secure loader would be useful, such that it doesn't allow
interrupting.  Similar things could be done with the pre-loader boot,
but this write from loader feature seems so useful to me that I can't
imagine why we would want to turn it off by default, particularly
given the intrinsic insecurities of our current loader.

Best regards,
Mike Barcroft

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message