Date:      Tue, 11 Dec 2001 00:52:11 -0600
From:      Alfred Perlstein <bright@mu.org>
To:        Mike Barcroft <mike@FreeBSD.org>
Cc:        Paul Richards <paul@freebsd-services.com>, Mike Silbersack <silby@silby.com>, John Baldwin <jhb@FreeBSD.org>, mini@haikugeek.com, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject:   Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID:  <20011211005211.V92148@elvis.mu.org>
In-Reply-To: <20011211010336.Q1956@espresso.q9media.com>; from mike@FreeBSD.org on Tue, Dec 11, 2001 at 01:03:36AM -0500
References:  <20011210201909.O92148@elvis.mu.org> <Pine.BSF.4.30.0112102122001.22013-100000@niwun.pair.com> <20011210221836.N1956@espresso.q9media.com> <616630000.1008044969@lobster.originative.co.uk> <20011211010336.Q1956@espresso.q9media.com>

* Mike Barcroft <mike@FreeBSD.org> [011211 00:05] wrote:
> Paul Richards <paul@freebsd-services.com> writes:
> > You need the superuser password to get to single user if the console is
> > secure. The loader can be used to circumvent that now.
> 
> Interesting, I hadn't seen that before.  This is probably only useful
> at preventing people that don't have an account on the system, and
> don't have physical access to the harddisk, CD-ROM/DVD-ROM, or floppy
> drives from gaining root.  To gain root from an account and console
> access, one need only craft an init(8) and change the loader
> init_path.
> 
> Perhaps a secure loader would be useful, such that it doesn't allow
> interrupting.  Similar things could be done with the pre-loader boot,
> but this write from loader feature seems so useful to me that I can't
> imagine why we would want to turn it off by default, particularly
> given the intrinsic insecurities of our current loader.

Honestly I feel that the requirement to learn Forth as a prerequisite
to hacking a FreeBSD box this way makes it highly unlikely that one
would do so. :)

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
 start asking why software is ignoring 30 years of accumulated wisdom.'
                           http://www.morons.org/rants/gpl-harmful.php3
