[syslinux] SYSLINUX 2.09, 2.10-pre1 released

H. Peter Anvin hpa at zytor.com
Thu Apr 29 10:56:47 PDT 2004

Gebhardt Thomas wrote:
> Hi,
> I'd really appreciate if there were a PXELINUX option that would prevent
> users from adding kernel commandline boot parameters apart from the
> options nailed down in the configuration file. This is a very basic security 
> issue in an unattended, potentially hostile environment if you don't want 
> user to become root (init=/bin/sh), a situation not that uncommon.
> I hope that such a configuration flag is not that complicated to implement,
> since it is not a really new feature, but just disables an already functional
> feature.

It's a new feature, and it is unfortunately reasonably complex to 
implement.  What makes me really question the value is that it's not 
clear to me that there aren't other security holes in the whole scenario.


More information about the Syslinux mailing list