[syslinux] problem with PXElinux and security of local LAN
Murali Krishnan Ganapathy
gmurali at cs.uchicago.edu
Tue Dec 20 09:51:35 PST 2005
Your suggested easier solution might not be feasible. With enough work,
it should be possible to boot Linux from mini-linux. But I dont think it
is possible to transfer control to Windows from a mini-Linux. Too many
linux specific stuff has already taken place. Am I right?
- Murali
Jason Keltz wrote:
> Hi Murali,
>
> I don't mind if I ALWAYS boot the machine a second time, but there is a
> minor chicken and egg problem that I would need to solve. I can't trust
> the state that is stored on the machine if the machine has been off for
> a while. I also need to be able to set the state globally globally set
> the saI would always need to probe for the state the first time, and
> then reboot into the required O/S. I don't mind that the partitions,
> etc. are fixed since the operating systems stay on the machine anyway.
>
> I still don't know how to load the comboot code, and if that code
> requires being installed in a FAT16 partition, how do I protect it from
> Windows?
>
> I wonder if there is an even easier solution... somehow I have 3 O/S ..
> Windows,Linux, Mini-Linux as you say ... you always boot to Mini-Linux
> which probes the web daemon for the state of the machine... at this
> point, if I could just boot to linux/windows knowing that the next time
> the machine boots, it would still go back to mini-linux, this would be
> great!!
>
> jas.
>
> Murali Krishnan Ganapathy wrote:
>> Yet another approach. This does not use PXELINUX! Install the Windows
>> and Linux images on two partitions of your hard disk (so with this
>> solution changing the boot image will not be very easy). But it
>> requires two boots everytime instead of one.
>>
>> The boot cycle is as follows
>>
>> (1) Machine boots locally into COMBOOT code
>> (2) Code checks local machine for boot instructions.
>> (3) If instructions not found it boots a small linux image
>> (4) small linux goes online and finds out what the state of this
>> machine should be (Windows only/Linux Only/Boot Menu)
>> (5) Stores this information somewhere on the hard disk and
>> reboots so that COMBOOT code can find this info during next boot
>> (6) If instructions found, it follows instructions and acts accordingly.
>>
>> This requires the local machine to have a Windows installation and a
>> Linux installation which the users can use, and another small linux +
>> initrd.
>> As soon as you boot into the small linux, you go online (in one of
>> the init scripts) somewhere you trust (local webserver perhaps) and
>> download a small file which says what the next boot image should be
>> (LINUX/WINDOWS/MENU). The script then writes this information on
>> sector N of the local hard disk (which is not used for any other
>> thing). The COMBOOT code checks sector 6 for this information and
>> when found boots into the appropriate image directly.
>>
>> Good Things:
>> (a) Uses things which already exist, i.e. linux code to write this
>> info to sector N and COMBOOT code to read this info already exist.
>> (see http://gui.mahamurali.net and click on Autobooting)
>> (b) No PXELINUX. No TFTP server, so bad guy cannot give you a kernel
>> to boot from
>> (c) A change in your local webserver, will affect all clients the
>> next time they boot. Infact if your logic of (Windows/Linux/Boot
>> Menu) is simple, this logic can be put as a cgi script on your
>> webserver. So you dont need to change anything in the webserver at
>> all!!!
>>
>> Bad Things:
>> (a) You need to an extra reboot everytime you boot
>> (b) If you need to change the boot image, you need to change it on
>> every machine
>> or setup another image you can boot into on the local machine
>> (which requires a password) and use that image to help automate the
>> change of boot image.
>>
>> Good/Bad:
>> (a) Machine retains state between reboots, (i.e. local files on
>> machine)
>>
>> - Murali
>>
>> Jason Keltz wrote:
>>
>>> I have two new thoughts on solving this problem, but I'm not sure
>>> whether either is doable with PXELinux/syslinux..
>>>
>>> 1) I've been doing some web searching. It seems like Intel has a
>>> BIS (Boot Integrity Service) spec that is included in the PXE 2.0
>>> spec. The code, I believe, is open source -
>>> http://sourceforge.net/projects/bis.
>>> I don't see anything in the PXELinux code about handling BIS. If
>>> PXELinux could handle BIS, it seems like this would completely solve
>>> my problem. I could authenticate the code that the PXE server
>>> receives! (On the other hand, it's not clear if I could authenticate
>>> the configuration file, but I guess that would only make sense). If
>>> PXELinux could handle BIS, it seems like it work in a lot of
>>> situations (like mine) where people have recommended not using PXE.
>>> Maybe Peter can comment on the feasibility of adding this
>>> functionality to a future PXElinux?
>>>
>>> 2) It is "possible" that I could do what I want to do now with
>>> syslinux in a different way. The question is, is it possible for
>>> syslinux to probe a DHCP server for a value and then to act based on
>>> that value? I don't see anything about DHCP in the syslinux page,
>>> and the network code may not even be available to syslinux. This is
>>> a bit like the idea that Murali had. Our machines are supposed to
>>> boot either directly into linux, directly into Windows, or present a
>>> boot menu. Before, I was handling the configuration file change on
>>> the server and using PXELinux. By changing the symlink to the
>>> configuration file, I could change the options available to the
>>> users. Basically, my idea is this -- syslinux probes the DHCP
>>> server for an option that determines how it proceeds. It might be
>>> something like:
>>> value of 1 indicates boot directly to linux
>>> value of 2 indicates boot directly to windows
>>> value of 3 indicates to present a boot menu.
>>> syslinux would then either boot directly to linux/windows/present a
>>> menu. There are a couple of problems with this:
>>> 1) (again) I'm not sure I can probe a DHCP server in syslinux,
>>> 2) I'm not sure a syslinux configuration file could act based on
>>> the condition received in 1.
>>> 3) In order to install syslinux on the hard disk, it needs to be
>>> installed into a FAT16 partition. However, by doing this, as far as
>>> I understand it, there would be no security on the FAT16 partition
>>> when users boot Windows XP, and hence users could mess with or
>>> disable the syslinux configuration.
>>>
>>> If someone might be able to help me with 2, that would be great.
>>> If option 1 is magically available and hiding from my sight, it
>>> would be great if someone could help me figure out how to use it..
>>>
>>> Thanks a bunch..
>>>
>>> Jas.
>>>
>>> _______________________________________________
>>> SYSLINUX mailing list
>>> Submissions to SYSLINUX at zytor.com
>>> Unsubscribe or set options at:
>>> http://www.zytor.com/mailman/listinfo/syslinux
>>> Please do not send private replies to mailing list traffic.
>>>
>>>
>>
>
>
>
More information about the Syslinux
mailing list