[PATCH 2/3] [V6 revision 2] Disable shell access when lockdown is active
tpearson at raptorengineering.com
Thu Aug 18 04:37:10 AEST 2016
On 08/16/2016 10:47 PM, Samuel Mendoza-Jonas wrote:
> On Tue, 2016-08-16 at 17:39 -0500, Timothy Pearson wrote:
>> This patch disables direct command line access when the /etc/pb-lockdown
>> file is present.
> Bar a small comment below, this patch is fine - except that I'm not sold
> on guaranteeing that you can never reach the console with this patch.
> What if petitboot-nc crashes? What if a clever user finds a way to exit
> ncurses without hitting the cui_atexit() function? What if, as with all
> current users of Petitboot, the user just enters xmon?
This is why petitboot UI execution is immediately followed by a hard
reboot in the tutorial posted on the Raptor Engineering website. I will
be looking into buildroot after we get this merged, at the moment I have
enough source trees with local changes and don't need another... ;-)
> How critical is it to your security model that the user (which is most
> likely running as root) can not access a shell? If it's necessary this
> feels like something that should be handled in, for example, the
> buildroot layer.
It is critical, but this change at least will provide some protection if
petitboot is naively run outside of its security wrapper. It also
indicates to the user that they should not expect access to a shell.
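As an added example (not part of this thread and not petitboot's own code), a minimal init-side wrapper in the spirit of the reboot-after-UI approach mentioned above: whether the UI exits cleanly, crashes or is killed, the EXIT trap runs the reboot command, so the guarantee does not rest on the UI reaching its own cui_atexit() path. The marker path, command names and the `reboot -f` default are assumptions.

```shell
#!/bin/sh
# Assumed lockdown wrapper (added example, not petitboot's own code): run the
# UI so that every exit path, clean exit, crash or signal, ends in a reboot
# rather than a shell. Paths and commands below are assumptions.

LOCKDOWN_FILE="${LOCKDOWN_FILE:-/etc/pb-lockdown}"   # marker file from the patch
UI_CMD="${UI_CMD:-petitboot-nc}"                     # the ncurses UI
REBOOT_CMD="${REBOOT_CMD:-reboot -f}"                # hard reboot, no init handshake

# Succeeds (exit 0) when the lockdown marker file exists.
lockdown_active() {
    [ -e "$1" ]
}

# Run the UI command string "$1"; whatever happens, run reboot command "$2".
# The EXIT trap in the subshell fires on a normal exit, on a non-zero exit
# (for example a crashed UI) and on a signal caught by the TERM/INT/HUP trap,
# so the reboot does not depend on the UI's own atexit handler.
run_locked_ui() {
    ui_cmd="$1"
    reboot_cmd="$2"
    (
        trap 'eval "$reboot_cmd"' EXIT
        trap 'exit 143' TERM INT HUP
        eval "$ui_cmd"
        rc=$?
        echo "UI exited with status $rc; rebooting" >&2
        exit "$rc"
    )
}

# Entry point an init script would call. Without the marker file the UI runs
# normally and a shell stays reachable afterwards, as today.
main() {
    if lockdown_active "$LOCKDOWN_FILE"; then
        run_locked_ui "$UI_CMD" "$REBOOT_CMD"
    else
        eval "exec $UI_CMD"
    fi
}
```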