[syslinux] Don't allow users to append additional kernel cmdline args
Murali Krishnan Ganapathy
gmurali at cs.uchicago.edu
Thu Apr 15 08:38:10 PDT 2004
As soon as you allow users to boot off a CD, there is nothing preventing
them from bringing their own bootable CD, and wreaking havoc. So you
will not gain any additional security from this feature. The only thing
you may gain from this feature is to make sure your users will not use
your CD to hack into your own system.
- Murali
Gebhardt Thomas wrote:
>Hi,
>
>
>
>>One solution is write your own COMBOOT interface,
>>say myui.c32. Configure pxelinux.cfg to invoke myui.c32 immediately,
>>
>>
>
>....
>
>
>
>>It's not possible with the current version. You can force to only use
>>specific labels (IMPLICIT-command), but you can't prevent additional
>>arguments.
>>
>>
>
>thank you very much for your answers! I'm a bit surprised, however, that
>there is no easy way to do it. I would consider this a rather basic feature,
>since it is the only way to achieve at least BIOS password level security in
>a multiboot environment (or am I missing something?).
>
>Cheers, Thomas
>
>_______________________________________________
>SYSLINUX mailing list
>Submissions to SYSLINUX at zytor.com
>Unsubscribe or set options at:
>http://www.zytor.com/mailman/listinfo/syslinux
>Please do not send private replies to mailing list traffic.
>
>
>
>
More information about the Syslinux
mailing list