[syslinux] pxelinux feature request

Jim Cromie jcromie at divsol.com
Mon Jan 3 18:05:43 PST 2005

Alexander Heinz wrote:

> Hello!
> I have outlined a proposal for a new feature of pxelinux in 
> http://www.zytor.com/pipermail/syslinux/2004-December/004360.html (see 
> the last couple of sentences) but nobody has commented it, so I am 
> asking again:
> Imagine a company with a lot of departments and where network booting 
> is widely used. Each department has different needs when it comes to 
> operating systems.
> Because things change very often, it would be a nightmare for a single 
> administrator to update the pxelinux configuration file.
> The administrator should be able to delegate the task of maintainung 
> the configuration file to the departments:
> The master configuration file created by the administrator only 
> provides a basic set of boot images and each department should be able 
> to add new ones.
> Therefore I think that a LOADCONFIG command would be useful for pxelinux.
> Here is an expample:
> pxelinux.cfg/default
> LABEL load_new_config
> when load_new_config is selected pxelinux downloads the file 
> "my_new_config" from the TFTP server with the IP and uses 
> it as its configuration file.
> Comments? Good or bad idea (and why)?
> Alex

while and include mechanism would be nice,
I would be a bit concerned about the exposure to a trojan file.

and what if numeric ips are later supplemented with DNS lookups ?
are you now exposed to dns hijacking w/in your network ?

If this duct-tape is holding your enterprise together,
it seems safer to get updates by email, then push those
out after youve inspected them etc..

how much updating do you envision happening that
a simpler include mechanism would still be a burden?

Further, it seems that it doesnt cover the whole problem,
youve still got a DHCP server in most situations, and having
one config-base shifting independently and uncoordinated
with another seems to be asking for trouble.

It doesnt seem impractical to write scripts or a makefile
to do sanity checks and automate the tedious parts.

I suppose it could be a compile-time option, and the paranoid
could turn it off

More information about the Syslinux mailing list