Date:      Tue, 11 Dec 2001 11:44:11 -0800 (PST)
From:      John Baldwin <jhb@FreeBSD.org>
To:        Paul Richards <paul@freebsd-services.com>
Cc:        Mike Barcroft <mike@FreeBSD.ORG>, Mike Silbersack <silby@silby.com>, Alfred Perlstein <bright@mu.org>, mini@haikugeek.com, cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, Wilko Bulte <wkb@freebie.xs4all.nl>
Subject:   Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID:  <XFMail.011211114411.jhb@FreeBSD.org>
In-Reply-To: <880100000.1008099552@lobster.originative.co.uk>


On 11-Dec-01 Paul Richards wrote:
> --On Tuesday, December 11, 2001 11:21:19 -0800 John Baldwin
> <jhb@FreeBSD.org> wrote:
> 
>> 
>> On 11-Dec-01 Paul Richards wrote:
>>> Well, I think your argument is a flawed one since you're trying to argue
>>> that because you can think of one hole it's not a problem that you've
>>> added another one.
>> 
>> If you have a piece of Swiss cheese, who is going to notice one more
>> hole?  It's not like there was 1 hole before and now there are 2.  There
>> are several holes and now there are several + 1 holes.
>>  
>>> So the issue is really whether we can secure the loader, because now that
>>> I'm aware of that loophole it concerns me that it's so easy to
>>> compromise a FreeBSD box.
>>> 
>>> Can we add a password feature to the loader so that we have a secure
>>> loader?
>> 
>> It has that, but it's simple.  You didn't read my earlier message though
>> where I detailed what we _did_ do for my lab at school.  We didn't use
>> the loader at all, instead we hacked (it was a small hack, and an #ifdef
>> for it could be made) boot2 to not accept user input and to boot the
>> kernel directly.  This means using a static kernel, and in -current
>> compiling your hints statically into the kernel.  This way you bypass the
>> loader completely and don't have to worry about user input.  Granted, if
>> you hose your kernel, you have to pull out a boot floppy to do recovery,
>> but that is the price you pay.
> 
> but that's not very standard. If I was implementing a kiosk then hacking on
> the boot loader is fine for my specific application, but I think we should
> strengthen the security of the generic loader.

I think that the loader is not intended for secure sites, there are too many
things you would have to do to plug holes, so IMO, just bypassing it is your
best bet.  You don't want to have to enter the root password to boot the
machine every time I wouldn't think.

-- 

John Baldwin <jhb@FreeBSD.org>  <><  http://www.FreeBSD.org/~jhb/
"Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/
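The thread's security question is whether a console user can reach the interactive loader (or boot2) prompt and alter how the kernel boots. The following audit helper is an added example, not code from the thread or from FreeBSD: it parses a loader.conf-style file and reports whether the interactive loader is protected. It assumes the loader.conf(5) variables of current FreeBSD (`password`, `bootlock_password`, `autoboot_delay`), which post-date this 2001 discussion; the sample configuration files are constructed inline.

```sh
#!/bin/sh
# Added audit helper (not from the thread): reads a loader.conf-style file
# and reports whether the interactive loader prompt is protected.
# Assumption: the variable names below are the ones documented in the
# current loader.conf(5); the loader discussed in 2001 only had a simple
# password facility, as the message above notes.

# loader_conf_get FILE VAR
#   prints the value of VAR with surrounding double quotes removed, or
#   nothing if VAR is not set; the last assignment wins, as in loader.conf,
#   and commented-out lines never match because of the ^ anchor.
loader_conf_get() {
    grep -E "^[[:space:]]*$2=" "$1" | tail -n 1 |
        sed -e 's/^[^=]*=//' -e 's/[[:space:]]*$//' -e 's/^"//' -e 's/"$//'
}

# loader_audit FILE
#   prints one finding per line; returns 0 when the loader prompt needs a
#   password, 1 when anyone at the console can reach it.
loader_audit() {
    f="$1"
    pw=$(loader_conf_get "$f" password)
    lock=$(loader_conf_get "$f" bootlock_password)
    delay=$(loader_conf_get "$f" autoboot_delay)
    rc=0
    if [ -z "$pw" ]; then
        echo "WARN: no 'password' set: console user can reach the loader prompt"
        rc=1
    else
        echo "OK: loader prompt requires a password"
    fi
    if [ -n "$lock" ]; then
        echo "INFO: bootlock_password set: a password is needed to boot at all"
    fi
    if [ "$delay" = "-1" ]; then
        echo "INFO: autoboot_delay=-1: autoboot cannot be interrupted from the console"
    fi
    return $rc
}

# Constructed sample configurations (these are not any real system's files).
WEAK_CONF=$(mktemp)
HARDENED_CONF=$(mktemp)
cat >"$WEAK_CONF" <<'EOF'
# default-style configuration: prompt reachable after a 10 second countdown
autoboot_delay="10"
EOF
cat >"$HARDENED_CONF" <<'EOF'
# constructed hardened configuration; the password value is a placeholder
password="example-loader-pw"
autoboot_delay="-1"
EOF

# Stand-alone demonstration: audit both files and report the outcome.
for conf in "$WEAK_CONF" "$HARDENED_CONF"; do
    echo "== $conf"
    loader_audit "$conf" || echo "result: loader prompt NOT protected"
done
```

The helper only reads the configuration; it says nothing about whether the underlying loader actually enforces the setting, so on a real machine the finding still has to be checked against the installed loader's behaviour, which is exactly the concern raised in the thread.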
