From: Roland P. <pa...@ta...> - 2004-04-27 19:28:00
On Tuesday 27 April 2004 06:14, Tim Tait wrote:
[...]
> While I'm on the topic, I think another potential hole is the linuxrc
> script that discovers the etc.tar.bz2 file on boot... since multiple
> locations are checked, if an unprivileged user can introduce an
> etc.tar.bz2 file onto a drive that is checked before the real one, then
> they can control the machine on the next reboot. We should check the
> file for "root" ownership and that it is not writable by anyone else
> before loading it. Of course not being a bash master I'm not sure how to
> write that...

If you have several users on a system, the most dangerous part is rebooting. It's the only time a false config could be injected, but even worse: just pass init=/bin/bash and you have a root shell. So either: don't reboot, or: always attend your reboots and make sure the right config is loaded.

If you want to disable command line passing, you have to change isolinux.cfg. When doing that, you can also add a "config=/dev/whatever" and if you protect that device properly, everything should be fine. Of course, make sure no one swaps CDs and boots a rescue system...

So, IMHO, root ownership may be an additional security check, but it's inferior to gpg signing (but maybe we should make that part easier...)

Roland

-- 
ICQ UIN 49339118
Linux Counter #88774
GPG-Key 1024D/59C6AFA6 2003-02-07
Roland Pabel <ro...@pa...>
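The ownership and permission check Tim describes, written out as an added example in POSIX sh. This is not the project's linuxrc and not code from either poster; the file name etc.tar.bz2 and the idea of scanning several candidate locations come from the thread, while the function names, the candidate-directory argument list, and the optional detached-signature check (assuming a signature file with a hypothetical .sig suffix next to the archive) are assumptions made here.

```shell
#!/bin/sh
# Added example; not the linuxrc script discussed in the thread.

# config_is_trusted FILE [UID]
#   Exit 0 only when FILE is a plain regular file (a symlink is rejected),
#   is owned by UID (default 0 = root) and has no group or other write bit.
#   ls -ldn is POSIX and does not follow symlinks, so field 1 is the mode
#   string of FILE itself and field 3 is its numeric owner uid.
config_is_trusted() {
    f=$1
    want_uid=${2:-0}
    [ -e "$f" ] || return 1
    out=$(ls -ldn "$f" 2>/dev/null) || return 1
    set -- $out
    perms=$1
    uid=$3
    case $perms in
        -*) ;;            # regular file
        *)  return 1 ;;   # symlink, directory, device node, ...
    esac
    [ "$uid" = "$want_uid" ] || return 1
    case $perms in
        ?????w*)    return 1 ;;   # group write bit (position 6 of -rwxrwxrwx)
        ????????w*) return 1 ;;   # other write bit (position 9)
    esac
    return 0
}

# find_trusted_config UID DIR...
#   Walk the candidate directories in the order given and print the first
#   DIR/etc.tar.bz2 that passes config_is_trusted. A candidate that fails the
#   check is reported on stderr and skipped, so a planted archive on an earlier
#   drive cannot shadow the real one; exit 1 if no candidate is acceptable.
find_trusted_config() {
    want_uid=$1
    shift
    for d in "$@"; do
        c="$d/etc.tar.bz2"
        [ -e "$c" ] || continue
        if config_is_trusted "$c" "$want_uid"; then
            printf '%s\n' "$c"
            return 0
        fi
        printf 'skipping untrusted %s\n' "$c" >&2
    done
    return 1
}

# config_signature_ok FILE KEYRING
#   The stronger check Roland prefers: verify a detached signature FILE.sig
#   (suffix assumed here) against KEYRING only. gpg --verify exits 0 for a good
#   signature from any key in the keyring it consults, so the keyring passed in
#   must contain nothing but the key that is allowed to sign the config.
config_signature_ok() {
    f=$1
    keyring=$2
    [ -e "$f.sig" ] || return 1
    gpg --batch --no-default-keyring --keyring "$keyring" \
        --verify "$f.sig" "$f" >/dev/null 2>&1
}

# Usage in a boot script (candidate list is illustrative):
#   cfg=$(find_trusted_config 0 /mnt/hda1 /mnt/sda1 /mnt/cdrom) || exit 1
#   tar -xjf "$cfg" -C /
```

One caveat worth keeping in mind when relying on config_is_trusted alone: ownership and mode bits are only meaningful on a filesystem that stores them. On FAT or similar removable media the kernel synthesises uid and mode from the mount options, so a stick that is mounted with the defaults reports every file as root-owned and not writable by others, and the check passes regardless of who wrote the archive. That is one reason a signature check, as Roland suggests, is the stronger of the two.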