[1733] in linux-security and linux-alert archive
[linux-security] Re: New hack against BSD,
daemon@ATHENA.MIT.EDU (Donnie Barnes)
Wed Apr 15 01:32:11 1998
Date: Tue, 14 Apr 1998 14:08:45 -0400
From: Donnie Barnes <djb@redhat.com>
In-reply-to: <m0yOr0n-0010KtC@scintilla.darkwater.com>
To: linux-security@redhat.com
Cc: sinster@darkwater.com
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com
> Linux booted from LILO is not vulnerable, because bootable kernels must
> be specified ahead of time in /etc/lilo.conf, and I truly hope that no
> Linux system has a publicly writable /etc/lilo.conf. Linux booted from
> SILO _is_ vulnerable unless a boot password is specified in /etc/silo.conf,
> because SILO will otherwise allow the person at console to specify any
> arbitrary file from which to boot, just as the BSD bootloader does. With
> the boot password specified in /etc/silo.conf, SILO will require the
> user at console to enter the boot password before loading an arbitrary
> file.
>
> Someone who is more familiar with SILO than I should take a look at this
> to make sure that I'm right: my sparc isn't working these days, so I had
> to rely on reading the SILO source code to figure out the password
> workaround.
SILO can load an arbitrary kernel (it understands the ext2 filesystem).
I don't consider this a "security hole" since if you can get access to
SILO or the PROM you can do a whole myriad of other nasty things (like
'linux single' from SILO or from the PROM you can just boot a CD or
floppy or even a network image).
Yes, this is a security "issue", but it is not a "hole" per se.
--Donnie
--
Donnie Barnes http://www.redhat.com/~djb djb@redhat.com "Bah."
Challenge Diversity. Ignore People. Live Life. Use Linux. 879.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
_Things You'd NEVER Expect A Southerner To Say_ by Vic Henley:
** We don't keep firearms in this house.
--
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe test-list-request@redhat.com < /dev/null