[PATCH 2/3] [V6 revision 2] Disable shell access when lockdown is active

Timothy Pearson tpearson at raptorengineering.com
Thu Aug 18 04:37:10 AEST 2016


On 08/16/2016 10:47 PM, Samuel Mendoza-Jonas wrote:
> On Tue, 2016-08-16 at 17:39 -0500, Timothy Pearson wrote:
>> This patch disables direct command line access when the /etc/pb-lockdown
>> file is present.
> 
> Bar a small comment below, this patch is fine - except that I'm not sold
> on guaranteeing that you can never reach the console with this patch.
> What if petitboot-nc crashes? What if a clever user finds a way to exit
> ncurses without hitting the cui_atexit() function? What if, as with all
> current users of Petitboot, the user just enters xmon?

This is why petitboot UI execution is immediately followed by a hard
reboot in the tutorial posted on the Raptor Engineering website.  I will
be looking into buildroot after we get this merged; at the moment I have
enough source trees with local changes and don't need another... ;-)

> How critical is it to your security model that the user (which is most
> likely running as root) cannot access a shell? If it's necessary this
> feels like something that should be handled in, for example, the
> buildroot layer.

It is critical, but this change at least will provide some protection if
petitboot is naively run outside of its security wrapper.  It also
indicates to the user that they should not expect access to a shell.

-- 
Timothy Pearson
Raptor Engineering
+1 (415) 727-8645 (direct line)
+1 (512) 690-0200 (switchboard)
https://www.raptorengineering.com