[syslinux] problem with PXElinux and security of local LAN - readonly double boot idea

H. Peter Anvin hpa at zytor.com
Tue Dec 20 13:01:32 PST 2005


Jason Keltz wrote:
> H. Peter Anvin wrote:
> 
>> There is another way to do this, which is in the network: program your 
>> switches to eat DHCP packets that don't come from the authorized DHCP 
>> server.
> 
> Unfortunately, this won't do it either.  Imagine the case where a 
> student unplugs the lab machine and plugs it into a separate network 
> port on their laptop.
> 
> Is there absolutely no way through comboot to query the DHCP server (or 
> some other server like a web server) for a simple value through 
> sys/extlinux is there?  This would just be very ideal.
> 

Sure, you can talk directly to the PXE stack, and send and receive UDP 
traffic just fine.  You can also examine the DHCP packet.

However, you have to make sure the entire path up to that point is 
enforced, or they can just boot something else.

	-hpa
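
The kind of check "examine the DHCP packet" could lead to, as an added example that is not part of the original message and is not Syslinux code: a bounds-checked walk of the DHCP options that pulls out option 54 (server identifier) and compares it with an expected address. The function names and the sample packet are hypothetical; how a COMBOOT module obtains the cached packet from the PXE stack is not shown. Option 54 is not authenticated, so this check is only as strong as the enforced boot path described above.

```c
#include <stdint.h>
#include <string.h>

#define BOOTP_FIXED_LEN 236   /* op .. file fields, per RFC 2131 */
#define OPT_SERVER_ID   54    /* DHCP server identifier, RFC 2132 */

/* Walk the options area and copy out option 54.
 * Returns 0 on success, -1 if the packet is malformed or the option is absent.
 * Option overload (option 52) is not handled in this sketch. */
int dhcp_server_id(const uint8_t *pkt, size_t len, uint8_t out[4])
{
    static const uint8_t cookie[4] = { 99, 130, 83, 99 };
    size_t i = BOOTP_FIXED_LEN + 4;
    if (len < i || memcmp(pkt + BOOTP_FIXED_LEN, cookie, 4) != 0)
        return -1;
    while (i < len) {
        uint8_t code = pkt[i++];
        if (code == 0) continue;             /* pad: single byte, no length */
        if (code == 255) break;              /* end of options */
        if (i >= len) return -1;             /* length byte missing */
        uint8_t olen = pkt[i++];
        if (olen > len - i) return -1;       /* option runs past the buffer */
        if (code == OPT_SERVER_ID) {
            if (olen != 4) return -1;
            memcpy(out, pkt + i, 4);
            return 0;
        }
        i += olen;
    }
    return -1;
}

/* Returns 1 only if the packet names the expected server; parse errors fail closed. */
int dhcp_from_expected_server(const uint8_t *pkt, size_t len, const uint8_t expected[4])
{
    uint8_t id[4];
    return dhcp_server_id(pkt, len, id) == 0 && memcmp(id, expected, 4) == 0;
}

/* Constructed sample input: a minimal DHCPACK carrying options 53 and 54. */
size_t build_sample_ack(uint8_t *buf, size_t cap, const uint8_t server[4])
{
    const uint8_t opts[] = { 99, 130, 83, 99,  53, 1, 5,  0,
                             54, 4, server[0], server[1], server[2], server[3],  255 };
    if (cap < BOOTP_FIXED_LEN + sizeof opts) return 0;
    memset(buf, 0, BOOTP_FIXED_LEN);
    buf[0] = 2;                              /* op = BOOTREPLY */
    memcpy(buf + BOOTP_FIXED_LEN, opts, sizeof opts);
    return BOOTP_FIXED_LEN + sizeof opts;
}
```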



