Re: boot parameters, init= and security issues

Markus Gutschke (gutschk@uni-muenster.de)
3 Jun 1996 19:31:26 +0200

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Alan Cox: "Re: 1.99.10: can't umount nfs/CD-ROM"
Previous message: Herbert Rosmanith: "1.99.10: keyboard error!"
Next in thread: Lonnie Norton: "Re: 1.99.10: keyboard error!"
Reply: Lonnie Norton: "Re: 1.99.10: keyboard error!"

miquels@cistron.nl (Miquel van Smoorenburg) writes:
> Alas, Linus rejected it. This normally means he thinks it
> was not a good idea. Hence the request for comment here.
> Would something like this be useful? Or isn't it because there
> are other boot options that can be abused to achieve the
> same effect (and turning them all off would be unacceptable) ?

Off-hand the possibility of using a different root filesystem on a
removeable medium (floppy disk) springs to mind as yet another obvious
security threat, but this can probably be avoided, by compiling the
floppy driver as a module and not allowing for NFS mounted root
filesystems. Most of the other boot time options probably result in
making the system rather unreliable and prone to crashes but I am not
aware of obvious exploits.

Generally, though I am in favor of your proposal. Providing as many
boot-time security measures as possible sounds like a *very* good idea
--- but maybe I am just a little bit paranoid :-)

Markus

-- 
Markus Gutschke            Internet: gutschk@math.uni-muenster.de
Schlage 5a
D-48268 Greven-Gimbte
Germany

Next message: Alan Cox: "Re: 1.99.10: can't umount nfs/CD-ROM"
Previous message: Herbert Rosmanith: "1.99.10: keyboard error!"
Next in thread: Lonnie Norton: "Re: 1.99.10: keyboard error!"
Reply: Lonnie Norton: "Re: 1.99.10: keyboard error!"