Re: boot parameters, init= and security issues

Miquel van Smoorenburg (miquels@drinkel.ow.org)
Tue, 4 Jun 1996 20:10:42 +0200 (MET DST)


In article <m2afyk3ic3.fsf@cortex.corpus.uni-muenster.de>,
Markus Gutschke <gutschk@uni-muenster.de> wrote:
>miquels@cistron.nl (Miquel van Smoorenburg) writes:
>> Alas, Linus rejected it. This normally means he thinks it
>> was not a good idea. Hence the request for comment here.
>> Would something like this be useful? Or isn't it because there
>> are other boot options that can be abused to achieve the
>> same effect (and turning them all off would be unacceptable) ?
>
>Off-hand the possibility of using a different root filesystem on a
>removable medium (floppy disk) springs to mind as yet another obvious
>security threat, but this can probably be avoided, by compiling the
>floppy driver as a module and not allowing for NFS mounted root
>filesystems. Most of the other boot time options probably result in
>making the system rather unreliable and prone to crashes but I am not
>aware of obvious exploits.
>
>Generally, though, I am in favor of your proposal. Providing as many
>boot-time security measures as possible sounds like a *very* good idea
>--- but maybe I am just a little bit paranoid :-)

I talked with Linus today about these patches, but he thinks the
idea is broken; you should just put a password on the LILO
configuration. I responded that most people do not do this, and
I just wanted to make reasonably sure that a Linux box somewhere
in a university cannot be broken into just by rebooting it (as
long as the sysadm has set the boot sequence to C: A: and put a
password on the BIOS). Most people don't know anything about
LILO configuration.

But well, the real problem still is the root= parameter. Put in
an emergency floppy, boot from harddisk with on the command line
"root=/dev/fd0" and you're in. You really don't want to
disallow the "root=" parameter :)

The only way around this is to disallow root= setting to a floppy
disk when you've booted from harddisk, but as far as I can see
there is no easy way to find out the bootdevice. Well you could
find it out in linux/arch/i386/kernel/setup.c I think, but that'd
only work for the PC architecture.

I'm still thinking about this. But it sure isn't as easy as
I thought it would be.

Mike.

--
+ Miquel van Smoorenburg   + Cistron Internet Services +  Living is a     |
| miquels@cistron.nl (SP6) | Independent Dutch ISP     |   horizontal     |
+ miquels@drinkel.ow.org   + http://www.cistron.nl/    +      fall        +
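The LILO password that Linus suggests, as an added example that is not part of the thread; the disk and image names, the label and the placeholder password are assumptions. With "restricted", the password is only asked for when someone types extra parameters at the boot prompt (root=/dev/fd0, init=/bin/sh, single), so unattended reboots still work:

```conf
# /etc/lilo.conf (constructed example, not from the original message)
boot=/dev/hda
prompt
timeout=50

# Ask for a password only when parameters are given on the command line.
# Drop "restricted" to require the password on every boot instead.
restricted
# Placeholder; LILO stores this in cleartext, so chmod 600 /etc/lilo.conf
password=CHANGE-ME

image=/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
```

Run /sbin/lilo afterwards so the new boot map is written; the BIOS password and C: A: boot order from the message are still needed, since this only covers the LILO prompt.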