From owner-cvs-all  Mon Dec 10 22:18:14 2001
Delivered-To: cvs-all@freebsd.org
Received: from cain.gsoft.com.au (genesi.lnk.telstra.net [139.130.136.161])
	by hub.freebsd.org (Postfix) with ESMTP
	id 28B7A37B419; Mon, 10 Dec 2001 22:17:35 -0800 (PST)
Received: from cain.gsoft.com.au (root@localhost [127.0.0.1])
	by cain.gsoft.com.au (8.11.6/8.11.6) with ESMTP id fBB6HTZ65072;
	Tue, 11 Dec 2001 16:47:29 +1030 (CST)
	(envelope-from doconnor@gsoft.com.au)
Message-ID: <XFMail.20011211164729.doconnor@gsoft.com.au>
X-Mailer: XFMail 1.5.0 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <20011211010336.Q1956@espresso.q9media.com>
Date: Tue, 11 Dec 2001 16:47:29 +1030 (CST)
From: "Daniel O'Connor" <doconnor@gsoft.com.au>
To: Mike Barcroft <mike@FreeBSD.org>
Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org,
	mini@haikugeek.com, John Baldwin <jhb@FreeBSD.org>,
	Alfred Perlstein <bright@mu.org>, Mike Silbersack <silby@silby.com>,
	Paul Richards <paul@freebsd-services.com>
Sender: owner-cvs-all@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-all.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-all>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-all>
X-Loop: FreeBSD.ORG


On 11-Dec-2001 Mike Barcroft wrote:
>  Perhaps a secure loader would be useful, such that it doesn't allow
>  interrupting.  Similar things could be done with the pre-loader boot,
>  but this write from loader feature seems so useful to me that I can't
>  imagine why we would want to turn it off by default, particularly
>  given the intrinsic insecurities of our current loader.

From loader.4th...

\ ***** check-password
\
\       If a password was defined, execute autoboot and ask for
\       password if autoboot returns.

: check-password
  password .addr @ if
[ .... ]

I believe you could get the thing that loads the loader (boot1? boot2? I
forget) to load another loader. It would be reasonably difficult to place one
on the machine as a normal user. The only case I can see it being possible is
if /tmp is writable by a normal user, and isn't a symlink somewhere else, or on
another file system.

---
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message