Date: Mon, 10 Dec 2001 22:18:36 -0500 From: Mike Barcroft <mike@FreeBSD.org> To: Mike Silbersack <silby@silby.com> Cc: Alfred Perlstein <bright@mu.org>, John Baldwin <jhb@FreeBSD.org>, mini@haikugeek.com, cvs-all@FreeBSD.org, cvs-committers@FreeBSD.org Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp Message-ID: <20011210221836.N1956@espresso.q9media.com> In-Reply-To: <Pine.BSF.4.30.0112102122001.22013-100000@niwun.pair.com>; from silby@silby.com on Mon, Dec 10, 2001 at 09:23:27PM -0500 References: <20011210201909.O92148@elvis.mu.org> <Pine.BSF.4.30.0112102122001.22013-100000@niwun.pair.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Silbersack <silby@silby.com> writes: > On Mon, 10 Dec 2001, Alfred Perlstein wrote: > > > > All these loader commits make it possible to overwrite the existing > > contents of > a file on a UFS filesystem. > > > > Yay! One "cool" feaure at least from a security standpoint would > > be adding a write once variable to turn this off so that one can't > > use loader to smash /etc/passwd. > > > > John, or Jonathan... ? any plans on giving this a shot? > > > > -Alfred > > Hm, I wonder if write enabling should even be compiled into the loader by > default - I think you're correct in suspecting that changing /etc/passwd > will be the primary use of this feature. :| Why would someone use this feature to write to the password file, when they can just boot into single user mode and use their favourite editor? Best regards, Mike Barcroft To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011210221836.N1956>