I talked with Linus today about these patches, but he thinks the
idea is broken; you should just put a password on the LILO
configuration. I responded that most people do not do this, and
I just wanted to make reasonably sure that a Linux box somewhere
in a university cannot be broken into just by rebooting it (as
long as the sysadm has set the boot sequence to C: A: and put a
password on the BIOS). Most people don't know anything about
LILO configuration.
But well, the real problem still is the root= parameter. Put in
an emergency floppy, boot from harddisk with on the command line
"root=/dev/fd0" and you're in. You really don't want to
disallow the "root=" parameter :)
The only way around this is to disallow root= setting to a floppy
disk when you've booted from harddisk, but as far as I can see
there is no easy way to find out the bootdevice. Well you could
find it out in linux/arch/i386/kernel/setup.c I think, but that'd
only work for the PC architecture.
I'm still thinking about this. But is sure isn't as easy as
I though it would be.
Mike.
-- + Miquel van Smoorenburg + Cistron Internet Services + Living is a | | miquels@cistron.nl (SP6) | Independent Dutch ISP | horizontal | + miquels@drinkel.ow.org + http://www.cistron.nl/ + fall +