[syslinux] "NOESCAPE 1" is easily escapable
Paul Whittaker
paw at si1.dod.gov.au
Sat Aug 13 18:12:59 PDT 2005
(I apologise if this has already been reported - the archive isn't very
searchable.)
At present the NOESCAPE keyword seems rather useless, because a boot
prompt is offered whenever attempts to load a boot image is interrupted
using <Ctrl>C. Intuitively, I would expect "NOESCAPE 1" to lock this
down also, and that {sys,pxe,iso.ext}linux would simply fall through to
the impicit or explicit ONERROR behaviour. It doesn't.
This is particularly a problem for those using the password protection
features of menu.c32, because access to a boot prompt will completely
subvert this protection. For example, if I have a standard boot image
and a password-protected privileged boot image, I can start booting the
standard image, interrupt the boot, and then enter the name of the
privileged image to boot it *without entering the password*.
P.S. I've also noted that use of "IMPLICIT 0" can have some rather
unexpected side-effects when using menu.c32. Adding a warning about
this to README.menu might be a good idea.
More information about the Syslinux
mailing list