[PATCH 00/13] User support and client permissions

Samuel Mendoza-Jonas sam at mendozajonas.com
Mon Nov 26 11:36:23 AEDT 2018


On Fri, 2018-11-23 at 11:46 +1100, Stewart Smith wrote:
> Samuel Mendoza-Jonas <sam at mendozajonas.com> writes:
> > There has been interest in having methods to "lock down" Petitboot for a
> > while now (existing changes like restricting access to the shell,
> > requested features such as adding a big "Password" screen before being
> > able to do anything), and this makes a big jump in that direction as
> > part of the overall journey to trusted/secure boot.
> > 
> > Rather than rely on implementing a bunch of password checks in ncurses
> > and keeping the user from getting shell access this instead leans on
> > having Linux do it for us for the most part by running all user facing
> > parts of Petitboot as an unprivileged user, with only pb-discover and
> > its utilities running with root permissions. Assuming the environment
> > has been set up correctly this means that when a user drops to the shell
> > they are completely unprivileged unless they know the root password.
> 
> I'm just thinking how this would interact with op-test, we *may* not
> currently do the "su" thing correctly (or we might... it'd be good to
> check though).
> 
> Maybe for some backwards-compat, if we don't have a root password,
> exiting to a shell should automatically "su" you to root?
> 

I think op-test just uses 'sudo', which we're unlikely to have. Good idea,
I'll have a look at adding a check in the drop-to-shell logic.
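As an added illustration of the drop-to-shell check discussed in this message, the sketch below is example code, not from Petitboot or the patch series. It assumes the decision is taken by a component that can read the shadow database (the unprivileged UI cannot); the function names, the `su - root` argv and the fail-closed treatment of locked or unreadable entries are assumptions for illustration.

```c
/* Added example, not Petitboot code: a "drop to shell" policy that
 * escalates to root only when root has no password set, and otherwise
 * leaves the user in an unprivileged shell.  Everything here (names,
 * the su argv, the lookup helper) is an assumption for illustration. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef __linux__
#include <shadow.h>   /* getspnam(): needs read access to /etc/shadow */
#endif

enum shell_mode {
    SHELL_UNPRIVILEGED, /* exec the user's shell as-is */
    SHELL_ROOT_AUTO     /* backwards-compat path: su to root */
};

/*
 * Pure policy over the encrypted-password field of root's shadow entry.
 * An empty field means "no password"; a locked marker ("!" or "*" prefix)
 * or any real hash means the user must authenticate, so we do not
 * escalate.  NULL (no entry, or the caller could not read shadow) is
 * treated as unknown and also does not escalate: fail closed.
 */
enum shell_mode shell_mode_for_root_hash(const char *hash)
{
    if (hash == NULL)
        return SHELL_UNPRIVILEGED;
    if (hash[0] == '\0')
        return SHELL_ROOT_AUTO;
    return SHELL_UNPRIVILEGED;
}

/*
 * System lookup.  getspnam() returns NULL for an unprivileged caller, so
 * if the UI itself (running as the unprivileged user) calls this it will
 * always fall back to SHELL_UNPRIVILEGED; the check belongs in whichever
 * privileged component sets up the environment.
 */
enum shell_mode shell_mode_from_system(void)
{
#ifdef __linux__
    struct spwd *sp = getspnam("root");
    if (sp)
        return shell_mode_for_root_hash(sp->sp_pwdp);
#endif
    return SHELL_UNPRIVILEGED;
}

/*
 * Fill argv for execvp(): "su - root" when escalation applies, else the
 * plain shell.  Returns argc, or -1 if argv is too small.  Whether su
 * grants root non-interactively for an empty root password depends on
 * the system's su/PAM configuration (assumed here, e.g. nullok).
 */
int drop_to_shell_argv(enum shell_mode mode, const char *shell,
                       const char **argv, size_t max)
{
    if (argv == NULL || shell == NULL || max < 4)
        return -1;
    if (mode == SHELL_ROOT_AUTO) {
        argv[0] = "su";
        argv[1] = "-";
        argv[2] = "root";
        argv[3] = NULL;
        return 3;
    }
    argv[0] = shell;
    argv[1] = NULL;
    return 1;
}

int main(void)
{
    const char *argv[4];
    enum shell_mode mode = shell_mode_from_system();
    int argc = drop_to_shell_argv(mode, "/bin/sh", argv, 4);

    if (argc < 0)
        return 1;
    printf("drop to shell as %s via %s\n",
           mode == SHELL_ROOT_AUTO ? "root" : "unprivileged user", argv[0]);
    /* Real code would execvp(argv[0], (char * const *)argv); here we
     * only report the decision. */
    return 0;
}
```

The point of keeping the policy in a pure function is that the security-relevant decision (empty hash escalates, anything else or an unreadable entry does not) can be unit-tested without root, while the only privileged call is the `getspnam()` lookup.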
