[syslinux] problem with PXElinux and security of local LAN
Jason Keltz
jas at cs.yorku.ca
Mon Dec 19 09:57:52 PST 2005
Hi.
I want to use PXELinux to build a dynamic boot menu for a computer lab.
Sometimes, the machines need to be in Linux mode/Windows mode/allow
the option of Linux/Windows. I configured this all fine with PXELinux.
My problem is really one of security. Someone can plug in a laptop
with a DHCP server, and tftp server and fake a lab machine to boot into
any mode they desire, or even worse, they could configure the local
machine to boot Linux in single user mode, and hence allow access to
root, local ssh keys, etc. I can't really think of any easy way how to
solve this problem since there is no way to authenticate the PXELinux
instance that is loading or the configuration files. Any ideas? A
locally configured grub could do the same thing, of course, but using
pxelinux, I can change the configuration of machines that are off so
that when they come back on, they are in the mode that I desire.
:(
Jason.
More information about the Syslinux
mailing list