Date: Tue, 11 Dec 2001 16:47:29 +1030 (CST) From: "Daniel O'Connor" <doconnor@gsoft.com.au> To: Mike Barcroft <mike@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, mini@haikugeek.com, John Baldwin <jhb@FreeBSD.org>, Alfred Perlstein <bright@mu.org>, Mike Silbersack <silby@silby.com>, Paul Richards <paul@freebsd-services.com> Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp Message-ID: <XFMail.20011211164729.doconnor@gsoft.com.au> In-Reply-To: <20011211010336.Q1956@espresso.q9media.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 11-Dec-2001 Mike Barcroft wrote: > Perhaps a secure loader would be useful, such that it doesn't allow > interrupting. Similar things could be done with the pre-loader boot, > but this write from loader feature seems so useful to me that I can't > imagine why we would want to turn it off by default, particularly > given the intrinsic insecurities of our current loader. From loader.4th... \ ***** check-password \ \ If a password was defined, execute autoboot and ask for \ password if autoboot returns. : check-password password .addr @ if [ .... ] I believe you could get the thing that loads the loader (boot1? boot2? I forget) to load another loader. It would be reasonably difficult to place one on the machine as a normal user. The only case I can see it being possible is if /tmp is writable by a normal user, and isn't a symlink somewhere else, or on another file system. --- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?XFMail.20011211164729.doconnor>