Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 24 Jul 2012 12:12:47 GMT
From:      Vitaly Zakharov <ded3axap@gmail.com>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   conf/170110: loader.conf bootmenu password prevents OS from loading
Message-ID:  <201207241212.q6OCClb8001496@red.freebsd.org>
Resent-Message-ID: <201207241220.q6OCK7CL017155@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 

>Number:         170110
>Category:       conf
>Synopsis:       loader.conf  bootmenu password prevents OS from loading
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jul 24 12:20:06 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Vitaly Zakharov
>Release:        9.0-RELEASE-p3
>Organization:
Positive Technologies
>Environment:
FreeBSD FBSD_9_0_i386 9.0-RELEASE-p3 FreeBSD 9.0-RELEASE-p3 #0: Tue Jul 24 12:31:53 MSK 2012     root@FBSD_9_0_i386:/usr/obj/usr/src/sys/GENERIC  i386
>Description:
After adding a line 

password="supersecret"

to /boot/loader.conf OS does not booting unless correct password is given.

In older versions of FreeBSD (I was tested 4.11, 5.5, 6.4, 7.4, 8.3) this setting will protect Boot Menu to prevent setting custom options on boot, but not to completely stopping OS booting.

This problem affects only FreeBSD 9.0.

>How-To-Repeat:
Add a line:

password="supersecret"

to /boot/loader.conf and reboot the machine.

After that you cannot load OS without typing correct password.

>Fix:
Add a line "0 autoboot" as first command in section "check-password" of /boot/check-password.4th:

: check-password ( -- )

        0 autoboot

        \ Exit if a password was not set
        s" password" getenv dup -1 = if
                drop exit
        then


        begin \ Loop as long as it takes to get the right password

                s" Password: " \ Output a prompt for a password
                read           \ Read the user's input until Enter

                2dup readval readlen @ compare 0= if
                        2drop exit \ Correct password
                then

                \ Bad Password
                3000 ms
                ." loader: incorrect password" 10 emit

        again \ Not the right password; repeat
;

>Release-Note:
>Audit-Trail:
>Unformatted:

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201207241212.q6OCClb8001496>