Re: Small security option

[bert hubert]

On Wed, Sep 17, 2003 at 06:25:43PM -0700, Chris Wright wrote:
> * John R Moser (jmoser5@xxxxxxxxxxxxxxxxxxxxx) wrote:
> > Why wasn't this done in the first place anyway? 
> > 
> > Some sysadmins like to disable the other boot devices and password-protect
> > the bios.  Good, but if the person can pass init=, you're screwed. 
> > 
> > Here's a small patch that does a very simple thing: Disables "init=" and
> > using /bin/sh for init. That'll stop people from rooting the box from grub. 
> 
> If you have this access, you already own the box.
> -chris

Not *entirely* true. I know of hardware that would scream if it were opened
and refuse to boot the next time, unless a bios password would be entered.
Sure, it can be circumvented, but allowing software to bypass such measures
seems silly.

However, in this case, lilo or grub or whatever should prevent the user from
entering kernel parameters if they aren't authorized, not the kernel.

	Bert.

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://lartc.org           Linux Advanced Routing & Traffic Control HOWTO
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/