[syslinux] Security issues with SYSLINUX 2.01
Seth David Schoen
schoen at loyalty.org
Thu Feb 6 18:48:33 PST 2003
H. Peter Anvin writes:
> Seth David Schoen wrote:
> >
> >The LNX-BBC project, which has been using SYSLINUX since our
> >predecessor project got started in 1999, has used mtools (and dd)
> >successfully to make bootable SYSLINUX floppies for over a year now.
> >
> >http://gar.lnx-bbc.org/cvs/gar/meta/lnx.img/Makefile?rev=HEAD&content-type=text/vnd.viewcvs-markup
> >
> >We've been very happy with the mtools approach. (We also have a
> >one-line Perl substitute for rdev...) The net result is that we can
> >build a complete bootable distribution image with no need for root
> >privilege at all. I think that's a worthwhile feature.
> >
>
> I think you're misunderstanding me -- the issue is whether or not to use
> a setuid syslinux binary or use mtools to accomplish this, not whether
> it's useful.
I'm advocating mtools, because getting the setuid binary in the first
place obviously requires root access. I think eliminating a
dependency on root access is a good idea, and using mtools will do that.
--
Seth David Schoen <schoen at loyalty.org> | Reading is a right, not a feature!
http://www.loyalty.org/~schoen/ | -- Kathryn Myronuk
http://vitanuova.loyalty.org/ |
More information about the Syslinux
mailing list