[syslinux] Don't allow users to append additional kernel cmdline args
Murali Krishnan Ganapathy
gmurali at cs.uchicago.edu
Tue Apr 13 09:20:55 PDT 2004
The only thing I can think of is COMBOOT.
If the user knows the name of the kernel, they can invoke it directly
and pass arguments. One solution is write your own COMBOOT interface,
say myui.c32. Configure pxelinux.cfg to invoke myui.c32 immediately,
without any timeout. Also configure pxelinux.cfg to invoke myui.c32 in
case of any error. In the first case myui.c32 will not get any
arguments. In the second case, the bad command line will be given as
your argument.
So PXELINUX will call your code immediately, and you give the "boot:"
prompt. Then once you have the user's commandline, you can extract the
first word and use PXELINUX API to execute the specified instruction.
Thus you have effectively removed all arguments. If the command line is
bad, then PXELINUX will invoke the onerror clause, which also leads to
you being called, with the bad command line as argument.
Alternately, you can check the first word of the command line for
legality and then pass it on to PXELINUX. But I would not recommend
this. If you do this, every time you add a new image you should not
forget to recreate your myui.c32.
Hope this helps.
- Murali
Gebhardt Thomas wrote:
>Hi,
>
>I'm successfully using PXELINUX for booting several flavors of Linux
>using the LABEL/APPEND syntax in the config file. But I don't want to
>allow the users to append additional kernel command line arguments
>like "init=/bin/sh". Scanning the docs and the mailing list archive I
>could not figure out how to do this. Can anyone give me a hint?
>
>Thanks, Thomas
>
>_______________________________________________
>SYSLINUX mailing list
>Submissions to SYSLINUX at zytor.com
>Unsubscribe or set options at:
>http://www.zytor.com/mailman/listinfo/syslinux
>Please do not send private replies to mailing list traffic.
>
>
>
>
More information about the Syslinux
mailing list