Date: Tue, 11 Dec 2001 08:54:57 -0500 (EST) From: Robert Watson <rwatson@FreeBSD.org> To: Mike Barcroft <mike@FreeBSD.org> Cc: Paul Richards <paul@freebsd-services.com>, Mike Silbersack <silby@silby.com>, mini@haikugeek.com, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp Message-ID: <Pine.NEB.3.96L.1011211085232.10640G-100000@fledge.watson.org> In-Reply-To: <20011211010336.Q1956@espresso.q9media.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 11 Dec 2001, Mike Barcroft wrote: > Paul Richards <paul@freebsd-services.com> writes: > > You need the superuser password to get to single user if the console is > > secure. The loader can be used to circumvent that now. > > Interesting, I hadn't seen that before. This is probably only useful at > preventing people that don't have an account on the system, and don't > have physical access to the harddisk, CD-ROM/DVD-ROM, or floppy drives > from gaining root. To gain root from an account and console access, one > need only craft an init(8) and change the loader init_path. > > Perhaps a secure loader would be useful, such that it doesn't allow > interrupting. Similar things could be done with the pre-loader boot, > but this write from loader feature seems so useful to me that I can't > imagine why we would want to turn it off by default, particularly given > the intrinsic insecurities of our current loader. I think the primary call for such a "userless loader" would be in the so-called "kiosk" environment: the user is provided with access to the keyboard, mouse, and monitor, but expected not to interfere with the operation of the system. Using UNIX in such an environment is not unusual -- it certainly happens in university libraries, booths at tradeshows, etc. This doesn't mean it has to be a whole seperate loader, just that somewhere it would be nice to have a twiddle to prevent undo interference with the boot process. I recognize that we're pretty far from that now, of course, due to having each phase of the multi-phase boot process allow interruption, selection of the next phase, etc. Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1011211085232.10640G-100000>