Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 11 Dec 2001 08:54:57 -0500 (EST)
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Mike Barcroft <mike@FreeBSD.org>
Cc:        Paul Richards <paul@freebsd-services.com>, Mike Silbersack <silby@silby.com>, mini@haikugeek.com, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org
Subject:   Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID:  <Pine.NEB.3.96L.1011211085232.10640G-100000@fledge.watson.org>
In-Reply-To: <20011211010336.Q1956@espresso.q9media.com>

next in thread | previous in thread | raw e-mail | index | archive | help

On Tue, 11 Dec 2001, Mike Barcroft wrote:

> Paul Richards <paul@freebsd-services.com> writes:
> > You need the superuser password to get to single user if the console is
> > secure. The loader can be used to circumvent that now.
> 
> Interesting, I hadn't seen that before.  This is probably only useful at
> preventing people that don't have an account on the system, and don't
> have physical access to the harddisk, CD-ROM/DVD-ROM, or floppy drives
> from gaining root.  To gain root from an account and console access, one
> need only craft an init(8) and change the loader init_path. 
> 
> Perhaps a secure loader would be useful, such that it doesn't allow
> interrupting.  Similar things could be done with the pre-loader boot,
> but this write from loader feature seems so useful to me that I can't
> imagine why we would want to turn it off by default, particularly given
> the intrinsic insecurities of our current loader. 

I think the primary call for such a "userless loader" would be in the
so-called "kiosk" environment: the user is provided with access to the
keyboard, mouse, and monitor, but expected not to interfere with the
operation of the system.  Using UNIX in such an environment is not unusual
-- it certainly happens in university libraries, booths at tradeshows,
etc. This doesn't mean it has to be a whole seperate loader, just that
somewhere it would be nice to have a twiddle to prevent undo interference
with the boot process.  I recognize that we're pretty far from that now,
of course, due to having each phase of the multi-phase boot process allow
interruption, selection of the next phase, etc. 

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1011211085232.10640G-100000>