[syslinux] Don't allow users to append additional kernel cmdline args

[Murali Krishnan Ganapathy]

The only thing I can think of is COMBOOT.

If the user knows the name of the kernel, they can invoke it directly 
and pass arguments. One solution is write your own COMBOOT interface, 
say myui.c32. Configure pxelinux.cfg to invoke myui.c32 immediately, 
without any timeout. Also configure pxelinux.cfg to invoke myui.c32 in 
case of any error. In the first case myui.c32 will not get any 
arguments. In the second case, the bad command line will be given as 
your argument.

So PXELINUX will call your code immediately, and you give the "boot:" 
prompt. Then once you have the user's commandline, you can extract the 
first word and use PXELINUX API to execute the specified instruction. 
Thus you have effectively removed all arguments. If the command line is 
bad, then PXELINUX will invoke the onerror clause, which also leads to 
you being called, with the bad command line as argument.

Alternately, you can check the first word of the command line for 
legality and then pass it on to PXELINUX. But I would not recommend 
this. If you do this, every time you add a new image you should not 
forget to recreate your myui.c32.

Hope this helps.
- Murali


Gebhardt Thomas wrote:

>Hi,
>
>I'm successfully using PXELINUX for booting several flavors of Linux
>using the LABEL/APPEND syntax in the config file. But I don't want to
>allow the users to append additional kernel command line arguments
>like "init=/bin/sh". Scanning the docs and the mailing list archive I
>could not figure out how to do this.  Can anyone give me a hint?
>
>Thanks, Thomas
>
>_______________________________________________
>SYSLINUX mailing list
>Submissions to SYSLINUX at zytor.com
>Unsubscribe or set options at:
>http://www.zytor.com/mailman/listinfo/syslinux
>Please do not send private replies to mailing list traffic.
>
>
>  
>