[PATCH 2/3] [V6 revision 2] Disable shell access when lockdown is active

Samuel Mendoza-Jonas sam at mendozajonas.com
Wed Aug 17 13:47:00 AEST 2016


On Tue, 2016-08-16 at 17:39 -0500, Timothy Pearson wrote:
> This patch disables direct command line access when the /etc/pb-lockdown
> file is present.

Bar a small comment below, this patch is fine - except that I'm not sold
on guaranteeing that you can never reach the console with this patch.
What if petitboot-nc crashes? What if a clever user finds a way to exit
ncurses without hitting the cui_atexit() function? What if, as with all
current users of Petitboot, the user just enters xmon?

How critical is it to your security model that the user (who is most
likely running as root) cannot access a shell? If it's necessary, this
feels like something that should be handled in, for example, the
buildroot layer.

> 
> Signed-off-by: Timothy Pearson <tpearson at raptorengineering.com>
> ---
>  ui/ncurses/nc-cui.c | 22 +++++++++++++++++++++-
>  1 file changed, 21 insertions(+), 1 deletion(-)
> 
> diff --git a/ui/ncurses/nc-cui.c b/ui/ncurses/nc-cui.c
> index 09b63b0..c2f1c83 100644
> --- a/ui/ncurses/nc-cui.c
> +++ b/ui/ncurses/nc-cui.c
> @@ -25,6 +25,7 @@
>  #include <stdlib.h>
>  #include <string.h>
>  #include <sys/ioctl.h>
> +#include <sys/reboot.h>
>  
>  #include "log/log.h"
>  #include "pb-protocol/pb-protocol.h"
> @@ -47,6 +48,14 @@ extern const struct help_text main_menu_help_text;
>  
>  static struct pmenu *main_menu_init(struct cui *cui);
>  
> +static bool lockdown_active(void)
> +{
> +	bool lockdown = false;
> +	if (access(LOCKDOWN_FILE, F_OK) != -1)
> +		lockdown = true;
> +	return lockdown;
> +}
> +
>  static void cui_start(void)
>  {
>  	initscr();			/* Initialize ncurses. */
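Review bot: lockdown_active() fails open, because `access(LOCKDOWN_FILE, F_OK) != -1` reports "no lockdown" for every access() failure and not only for a missing file. An I/O error or an unreadable path component would therefore leave the shell reachable. Since this check gates shell access, it would be safer to treat only a confirmed absence as inactive, for example `return access(LOCKDOWN_FILE, F_OK) == 0 || errno != ENOENT;`, assuming `<errno.h>` is available in this file, which the hunk does not show. A one-line comment on the function stating that the file's mere existence enables lockdown, and that the result is not cached, would also help readers.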
> @@ -94,6 +103,13 @@ static void cui_atexit(void)
>  	clear();
>  	refresh();
>  	endwin();
> +
> +	bool lockdown = lockdown_active();
> +
> +	while (lockdown) {
> +		sync();
> +		reboot(RB_AUTOBOOT);
> +	}

If reboot returns with an error, do you want to loop forever, or cancel
exiting with a message to the user?

>  }
>  
>  /**
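Review bot: cui_atexit() re-reads the lockdown file at exit, while main_menu_init() (the later hunk at `bool lockdown = lockdown_active();`) reads it when the menu is built, so the two answers can differ if the file appears or disappears in between. A menu labelled "Reboot" could then fall through to a shell, or "Exit to shell" could reboot the machine. Evaluating the state once at start-up and reusing it, e.g. a file-scope `static bool lockdown_state;` read by both functions, keeps label and behaviour consistent and means removing the file at run time cannot relax the policy. The new declaration also sits after statements, which may not match the file's style; cui_atexit's body begins outside this hunk.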
> @@ -826,6 +842,7 @@ static struct pmenu *main_menu_init(struct cui *cui)
>  	struct pmenu_item *i;
>  	struct pmenu *m;
>  	int result;
> +	bool lockdown = lockdown_active();
>  
>  	m = pmenu_init(cui, 7, cui_on_exit);
>  	if (!m) {
> @@ -869,7 +886,10 @@ static struct pmenu *main_menu_init(struct cui *cui)
>  	i->on_execute = menu_add_url_execute;
>  	pmenu_item_insert(m, i, 5);
>  
> -	i = pmenu_item_create(m, _("Exit to shell"));
> +	if (lockdown)
> +		i = pmenu_item_create(m, _("Reboot"));
> +	else
> +		i = pmenu_item_create(m, _("Exit to shell"));
>  	i->on_execute = pmenu_exit_cb;
>  	pmenu_item_insert(m, i, 6);
>  
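Review bot: The "Reboot" entry keeps `pmenu_exit_cb` as its `on_execute`, so nothing at this item performs or requests a reboot; the label is only true because cui_atexit() checks the lockdown file later. A comment here would make that dependency visible, e.g. `/* lockdown: pmenu_exit_cb only exits; cui_atexit() turns the exit into a reboot */`. If main_menu_help_text mentions "Exit to shell" it probably needs the same conditional wording, though that text is not visible in this patch. main_menu_init's body starts and ends outside the hunk.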


