[syslinux] SYSLINUX 2.09, 2.10-pre1 released
H. Peter Anvin
hpa at zytor.com
Thu Apr 29 10:56:47 PDT 2004
Gebhardt Thomas wrote:
> Hi,
>
> I'd really appreciate if there were a PXELINUX option that would prevent
> users from adding kernel commandline boot parameters apart from the
> options nailed down in the configuration file. This is a very basic security
> issue in an unattended, potentially hostile environment if you don't want
> user to become root (init=/bin/sh), a situation not that uncommon.
>
> I hope that such a configuration flag is not that complicated to implement,
> since it is not a really new feature, but just disables an already functional
> feature.
>
It's a new feature, and it is unfortunately reasonably complex to
implement. What makes me really question the value is that it's not
clear to me that there aren't other security holes in the whole scenario.
-hpa
More information about the Syslinux
mailing list