From: <hzu...@ra...> - 2004-04-27 20:33:03
On 04/27/2004 04:01:22 PM Tim wrote:
>Roland Pabel wrote:
>
>On Tuesday 27 April 2004 06:14, Tim Tait wrote:
>[...]
>
>
>While I'm on the topic, I think another potential hole is the linuxrc
>script that discovers the etc.tar.bz2 file on boot... since multiple
>locations are checked, if an unprivileged user can introduce an
>etc.tar.bz2 file onto a drive that is checked before the real one, then
>they can control the machine on the next reboot. We should check the
>file for "root" ownership and that it is not writeable by anyone else
>before loading it. Of course not being a bash master I'm not sure how to
>write that...
>
>
>if you have several users on a system, the most dangerous part is rebooting.
>it's the only time a false config could be injected, but even worse: just
>pass init=/bin/bash and you have a root shell. So either: don't reboot, or:
>always attend your reboots and make sure the right config is loaded.
>If you want to disable command line passing, you have to change
>isolinux.cfg.
>When doing that, you can also add a "config=/dev/whatever" and if you protect
>that device properly, everything should be fine.
>of course, make sure no one swaps CD's and boots a rescue system...
>so, IMHO, root ownership may be an additional security check, but it's
>inferior to gpg signing (but maybe we should make that part easier...)
>Roland
>
>DL supports passing the etc.tar.bz2 file location from boot program?
>Cool! And is it just isolinux or does Grub and Lilo work too parameter
>passing from hard disk boots? This would solve a major headache for me
>- I don't want DL scanning all 7 or 8 disk partitions and floppies, usb
>etc. I just want to tell it load the one on hda1, or the floppy. I can
>make grub menu picks for those. Can/does this parameter also get read
>by save-config? My 2nd big concern is a config being written back to
>somewhere other than it came from.

@Roland
That reminds me that you probably should write a few lines about it, which I can copy'n'paste into the documentation. ;-)

>As Bruce pointed out, the floppy FAT doesn't support ownership
>attributes, so that may not help. But if I can force the etc.tar.bz2
>location from the boot string, which already has a config file that is
>root only access, then a non privileged user can not overwrite it so
>that's even better.

Endless possibilities... ;-)

Heiko
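
The ownership-and-permission check Tim proposes in the message above, written out as shell functions (an added example, not code from the thread or from the Devil-Linux linuxrc). It assumes a `stat` that supports `-c` (GNU coreutils or BusyBox); the names `config_is_trusted` and `pick_config` are hypothetical.

```sh
#!/bin/sh
# Added example (hypothetical helper names), assumes `stat -c` is available.
# Caveat from the thread: FAT has no ownership, so on a FAT floppy the
# uid/mode reported here come from mount options, not from the file.

# config_is_trusted FILE [OWNER_UID]
# Succeeds only if FILE is a regular file (not a symlink), owned by
# OWNER_UID (default 0 = root) and not writable by group or others.
config_is_trusted() {
    file=$1
    want_uid=${2:-0}

    # test -f follows symlinks, so reject links explicitly first.
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        return 1
    fi

    # %u = numeric owner uid, %a = permission bits in octal (e.g. 644)
    info=$(stat -c '%u %a' "$file" 2>/dev/null) || return 1
    uid=${info%% *}
    mode=${info##* }

    [ "$uid" = "$want_uid" ] || return 1

    # Leading 0 makes the shell read the mode as octal;
    # 022 = group-write | other-write.
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# pick_config OWNER_UID CANDIDATE...
# Prints the first candidate that passes the check, in scan order.
# Untrusted candidates are skipped with a warning, never unpacked.
pick_config() {
    owner=$1
    shift
    for cand in "$@"; do
        if config_is_trusted "$cand" "$owner"; then
            printf '%s\n' "$cand"
            return 0
        fi
        if [ -e "$cand" ]; then
            echo "skipping untrusted config: $cand" >&2
        fi
    done
    return 1
}
```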
From: Roland P. <pa...@ta...> - 2004-04-27 20:49:54
On Tuesday 27 April 2004 22:33, hzu...@ra... wrote:
> On 04/27/2004 04:01:22 PM Tim wrote:
> >Roland Pabel wrote:
> >
> >On Tuesday 27 April 2004 06:14, Tim Tait wrote:
> >[...]
[...]
>
> @Roland
> That reminds me that you probably should write a few lines about it, which
> I can copy'n'paste into the documentation. ;-)

there's always a catch ;-) I'll see to it...

something else: I tried some stuff yesterday to get rid of the "sleep 15" (waiting for usb-storage) in linuxrc, unsuccessful... /proc/bus/usb/devices is updated dynamically when the usb bus is probed, that just needs time...

Roland

--
ICQ UIN 49339118 Linux Counter #88774
GPG-Key 1024D/59C6AFA6 2003-02-07 Roland Pabel <ro...@pa...>
From: Heiko Z. <he...@zu...> - 2004-04-27 21:01:19
> On Tuesday 27 April 2004 22:33, hzu...@ra... wrote:
>> On 04/27/2004 04:01:22 PM Tim wrote:
>> >Roland Pabel wrote:
>> >
>> >On Tuesday 27 April 2004 06:14, Tim Tait wrote:
>> >[...]
> [...]
>>
>> @Roland
>> That reminds me that you probably should write a few lines about it,
>> which I can copy'n'paste into the documentation. ;-)
> there's always a catch ;-) I'll see to it...

Hehe. Thx !

> something else: I tried some stuff yesterday to get rid of the "sleep
> 15" (waiting for usb-storage) in linuxrc, unsuccessful...
> /proc/bus/usb/devices is updated dynamically when the usb bus is probed,
> that just needs time...

I was afraid of that. :-(

--
Regards
Heiko Zuerker
http://www.devil-linux.org