Date: Tue, 11 Dec 2001 19:15:13 -0000
From: Paul Richards <paul@freebsd-services.com>
To: John Baldwin <jhb@FreeBSD.org>
Cc: Mike Barcroft <mike@FreeBSD.ORG>, Mike Silbersack <silby@silby.com>, Alfred Perlstein <bright@mu.org>, mini@haikugeek.com, cvs-all@FreeBSD.ORG, cvs-committers@FreeBSD.ORG, Wilko Bulte <wkb@freebie.xs4all.nl>
Subject: Re: cvs commit: src/sys/boot/i386/loader version src/share/examp
Message-ID: <868210000.1008098113@lobster.originative.co.uk>
In-Reply-To: <XFMail.011211103157.jhb@FreeBSD.org>
References: <XFMail.011211103157.jhb@FreeBSD.org>
--On Tuesday, December 11, 2001 10:31:57 -0800 John Baldwin <jhb@FreeBSD.org> wrote:

>
> On 11-Dec-01 Paul Richards wrote:
>> A box where the BIOS is passwd protected, and has been set to only allow
>> booting from the hard disk and where FreeBSD is configured to have a
>> secure console is pretty secure from a casual attack. You'd have to open
>> up the box and clear the CMOS and that sort of activity would be
>> difficult in most situations and certainly something that would be
>> noticed (we're not talking about sneaking into the server room late at
>> night here, we're talking about office/classroom/lab environments where
>> the admin is trying to protect the desktop systems from abuse).
>>
>> The loader change means that all that's necessary now is to power cycle
>> the box and stop in the boot loader and clear the root passwd. That's
>> something that can be done while sitting quite innocuously at the
>> console and not drawing any attention to oneself.
>
> You mean one couldn't compile a custom kernel module to allow root access,
> stick it in /tmp, reboot, break into the loader prompt and load
> /tmp/mymodule.ko and then boot the system before? :) It's no more
> vulnerable than it was before. Also, writing to the file itself isn't
> that easy unless you are a Forth hacker. This wouldn't apply in the lab
> of machines I admin'd at college for CS undergrads for example since no
> one knew forth.

Well, I think your argument is a flawed one since you're trying to argue that because you can think of one hole it's not a problem that you've added another one.

However, that's not a constructive direction to go in, and I can think of at least one other way of circumventing the secure console once you're in the loader, by changing the boot device for the third stage. So the issue is really whether we can secure the loader, because now that I'm aware of that loophole it concerns me that it's so easy to compromise a FreeBSD box.
Can we add a password feature to the loader so that we have a secure loader?

Paul Richards
FreeBSD Services Ltd
http://www.freebsd-services.com
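The loader password the message asks for did later appear: loader.conf(5) in current FreeBSD releases documents a `password` variable (protects the loader menu and prompt) and a `bootlock_password` variable (nothing boots until the password is entered). The fragment below is an added example, not part of this thread or of any FreeBSD commit; it pairs those two settings with the "insecure console" line from /etc/ttys that the message refers to, which makes single-user mode ask for the root password. The passphrase value is a constructed placeholder.

```conf
# /boot/loader.conf (added example; "ExamplePassphrase" is a placeholder)

# Required before anyone can interrupt autoboot or reach the loader menu
# and "ok" prompt, so the boot device, kernel and modules cannot be
# changed from the console without it.
password="ExamplePassphrase"

# Stricter: the system will not boot at all, attended or not, until the
# password is typed at the console. Use only where an operator is always
# present for reboots.
bootlock_password="ExamplePassphrase"

# /etc/ttys (the default entry ends in "secure"; change it to "insecure"
# so that booting to single-user mode prompts for the root password)
console none    unknown off insecure
```

Both passwords are stored in clear text in /boot/loader.conf, so check that the file is readable only by root and treat it like any other credential store. The loader password closes the hole discussed in the thread (interrupting the loader from the console) but does nothing about booting other media, so the BIOS password and hard-disk-only boot order still matter.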