[1733] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: New hack against BSD,

daemon@ATHENA.MIT.EDU (Donnie Barnes)
Wed Apr 15 01:32:11 1998

Date: Tue, 14 Apr 1998 14:08:45 -0400
From: Donnie Barnes <djb@redhat.com>
In-reply-to: <m0yOr0n-0010KtC@scintilla.darkwater.com>
To: linux-security@redhat.com
Cc: sinster@darkwater.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com


> Linux booted from LILO is not vulnerable, because bootable kernels must
> be specified ahead of time in /etc/lilo.conf, and I truly hope that no
> Linux system has a publicly writable /etc/lilo.conf.  Linux booted from
> SILO _is_ vulnerable unless a boot password is specified in /etc/silo.conf,
> because SILO will otherwise allow the person at console to specify any
> arbitrary file from which to boot, just as the BSD bootloader does.  With
> the boot password specified in /etc/silo.conf, SILO will require the
> user at console to enter the boot password before loading an arbitrary
> file.
> 
> Someone who is more familiar with SILO than I should take a look at this
> to make sure that I'm right: my sparc isn't working these days, so I had
> to rely on reading the SILO source code to figure out the password
> workaround.

SILO can load an arbitrary kernel (it understands the ext2 filesystem).
I don't consider this a "security hole" since if you can get access to 
SILO or the PROM you can do a whole myriad of other nasty things (like
'linux single' from SILO or from the PROM you can just boot a CD or
floppy or even a network image).

Yes, this is a security "issue", but it is not a "hole" per se.


--Donnie


--
 Donnie Barnes    http://www.redhat.com/~djb    djb@redhat.com   "Bah."
   Challenge Diversity.  Ignore People.  Live Life.  Use Linux.  879.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
_Things You'd NEVER Expect A Southerner To Say_ by Vic Henley:     
**  We don't keep firearms in this house.

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post