From owner-cvs-all Tue Dec 11 11:21:37 2001
Delivered-To: cvs-all@freebsd.org
Date: Tue, 11 Dec 2001 11:21:19 -0800 (PST)
From: John Baldwin
To: Paul Richards
Cc: Wilko Bulte, cvs-committers@FreeBSD.ORG, cvs-all@FreeBSD.ORG, mini@haikugeek.com, Alfred Perlstein, Mike Silbersack, Mike Barcroft
Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
In-Reply-To: <868210000.1008098113@lobster.originative.co.uk>
X-Mailer: XFMail 1.4.0 on FreeBSD
Sender: owner-cvs-all@FreeBSD.ORG

On 11-Dec-01 Paul Richards wrote:
> Well, I think your argument is a flawed one since you're trying to argue
> that because you can think of one hole it's not a problem that you've added
> another one.

If you have a piece of Swiss cheese, who is going to notice one more hole? It's not like there was 1 hole before and now there are 2. There are several holes and now there are several + 1 holes.

> So the issue is really whether we can secure the loader, because now that
> I'm aware of that loophole it concerns me that it's so easy to compromise a
> FreeBSD box.
>
> Can we add a password feature to the loader so that we have a secure loader?

It has that, but it's simple. You didn't read my earlier message though, where I detailed what we _did_ do for my lab at school.
We didn't use the loader at all; instead we hacked (it was a small hack, and an #ifdef for it could be made) boot2 to not accept user input and to boot the kernel directly. This means using a static kernel, and in -current compiling your hints statically into the kernel. This way you bypass the loader completely and don't have to worry about user input. Granted, if you hose your kernel, you have to pull out a boot floppy to do recovery, but that is the price you pay.

--
John Baldwin <>< http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!" - http://www.FreeBSD.org/