Re: boot parameters, init= and security issues

Albert Cahalan (albert@ccs.neu.edu)
Wed, 5 Jun 1996 13:21:18 -0400 (EDT)


From: miquels@drinkel.ow.org (Miquel van Smoorenburg)
> Markus Gutschke <gutschk@uni-muenster.de> wrote:
>> miquels@cistron.nl (Miquel van Smoorenburg) writes:
>>
>>> Alas, Linus rejected it. This normally means he thinks it
>>> was not a good idea. Hence the request for comment here.
>>> Would something like this be useful? Or isn't it because there
>>> are other boot options that can be abused to achieve the
>>> same effect (and turning them all off would be unacceptable)?
>>
>> Off-hand the possibility of using a different root filesystem on a
>> removable medium (floppy disk) springs to mind as yet another obvious
>> security threat, but this can probably be avoided, by compiling the
>> floppy driver as a module and not allowing for NFS mounted root
>> filesystems. Most of the other boot time options probably result in
>> making the system rather unreliable and prone to crashes but I am not
>> aware of obvious exploits.
>>
>> Generally, though, I am in favor of your proposal. Providing as many
>> boot-time security measures as possible sounds like a *very* good idea
>> --- but maybe I am just a little bit paranoid :-)

No, because people will think they can rely on them.
If someone wants security, they must use the full lilo password.

> I talked with Linus today about these patches, but he thinks the
> idea is broken; you should just put a password on the LILO
> configuration. I responded that most people do not do this, and
> I just wanted to make reasonably sure that a Linux box somewhere
> in a university cannot be broken into just by rebooting it (as
> long as the sysadm has set the boot sequence to C: A: and put a
> password on the BIOS). Most people don't know anything about
> LILO configuration.

Lilo could be made to print "Booting * without password...".
It could also pass the kernel a variable.

boottype=secure      Password protected lilo
boottype=insecure    Normal lilo boot
boottype is unset    Used syslinux, loadlin, network boot, old lilo

This lets scripts print out a warning that reminds the admin
to set BIOS and lilo passwords.
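
An added example, not part of the original message: a startup-script check of the kind described above, reading the proposed boottype= variable from a kernel command line. The variable is only the proposal's name (it is not known to exist in lilo or the kernel); the function names, the sample command lines and the rule that a repeated variable is reported as a conflict are assumptions of this example.

```sh
#!/bin/sh
# Added example. "boottype" is the variable proposed in the message above,
# not a parameter LILO or the kernel is known to provide.

# boot_type CMDLINE -> prints secure, insecure, unset, invalid or conflict
boot_type() (
    set -f                      # no glob expansion while word-splitting
    seen=0
    result=unset
    for word in $1; do
        case $word in
            boottype=*)
                seen=$((seen + 1))
                case ${word#boottype=} in
                    secure)   result=secure ;;
                    insecure) result=insecure ;;
                    *)        result=invalid ;;
                esac ;;
        esac
    done
    # Assumption of this example: a repeated variable is not trusted.
    if [ "$seen" -gt 1 ]; then result=conflict; fi
    printf '%s\n' "$result"
)

# boot_warning CMDLINE -> returns 0 for a password-protected boot,
# otherwise prints a reminder for the admin and returns 1.
boot_warning() {
    case $(boot_type "$1") in
        secure)   return 0 ;;
        insecure) echo "WARNING: lilo booted without a password." ;;
        unset)    echo "WARNING: boottype unset (syslinux, loadlin, network boot or old lilo)." ;;
        *)        echo "WARNING: boottype invalid or repeated; treating boot as insecure." ;;
    esac
    echo "Set BIOS and lilo passwords."
    return 1
}

# Constructed sample command lines, one per case in the message's list.
for sample in \
    "BOOT_IMAGE=linux root=/dev/hda1 boottype=secure" \
    "BOOT_IMAGE=linux root=/dev/hda1 boottype=insecure" \
    "BOOT_IMAGE=linux root=/dev/hda1" \
    "BOOT_IMAGE=linux root=/dev/hda1 boottype=insecure boottype=secure"
do
    printf '%-8s <- %s\n' "$(boot_type "$sample")" "$sample"
    boot_warning "$sample" || true
done
```

On a running system the argument would be the contents of /proc/cmdline.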