[syslinux] Issues with syslinux_run_command(str) and parameters
Ian Bannerman
ian at internals.io
Mon May 5 11:10:08 PDT 2014
I didn't see any further communication here; would anyone be against my submitting/proposing a patch for this?
I can see two possible approaches. One approach would be to isolate the restriction on user commands away from syslinux_run_command / load_kernel.
Another would perhaps be to add support for a 'NOTAB' or 'NOTABTOEDIT' option. There already exists a NOESCAPE setting, so the remaining piece would be restricting tab. (And perhaps holding shift to get to the console.. Hmm.)
I would appreciate any suggestions :)
Thank you,--Ian
> From: ian at internals.io
> To: ady-sf at hotmail.com; syslinux at zytor.com
> Date: Tue, 29 Apr 2014 21:27:46 -0500
> Subject: Re: [syslinux] Issues with syslinux_run_command(str) and parameters
>
> Yes, MENU HIDE would work as well, but still requires additional entries for each case (possible entries for pxe, syslinux, isolinux, cpu architectures, PCI devices, lua scripting scenarios, etc.)
>
> By blocking modules, I meant that as long as I disable user editing of menu commands via ALLOWOPTIONS 0, I cannot use any of the following com32 modules without creating duplicate LABEL entries for each possible scenario. All of these modules use syslinux_run_cmd() so parameters on the command line will not be received:
> - gfxboot.c32- cmd.c32- lua.c32- ethersel.c32- ifcpu.c32- ifcpu64.c32- ifmemdsk.c32- ifplop.c32- whichsys.c32- rosh.c32
>
>
> This doesn't feel like an intended restriction of ALLOWOPTIONS 0.
>
> --Ian
>
> > From: ady-sf at hotmail.com
> > To: syslinux at zytor.com
> > Date: Wed, 30 Apr 2014 05:06:55 +0300
> > Subject: Re: [syslinux] Issues with syslinux_run_command(str) and parameters
> >
> >
> > >
> > > I did confirm earlier that this does work, and combined with a MENU
> > > HIDDEN to hide it from the visible menu it is a possible solution. I
> > > originally assumed that this was due to that going down a different
> > > code path and did not mention it, apologies. The scale of my menu
> > > makes doubling/tripling menu entries less ideal, though.
> > >
> > >
> > > Do we consider it intended functionality that modules such as
> > > whichsys will not work under ALLOWOPTIONS 0? A strict reading of the
> > > wiki would allow for this, as the subsequently loaded module does not
> > > have parameters in an append
> > > label: http://www.syslinux.org/wiki/index.php/SYSLINUX#ALLOWOPTIONS_fl
> > > ag_val
> > >
> > >
> > > Naturally given my situation here, I think it would be ideal if we
> > > could separate disabling user edits & commands from blocking modules
> > > loading other modules, etc. :)
> > >
> > > --Ian
> >
> > Just FYI... You could potentially avoid MENU HIDDEN. A different
> > directive, MENU HIDE, might be convenient. It all depends on the
> > whole set of cfg files, and on your goals. For example:
> > LABEL sys
> > MENU HIDE
> > LINUX memdisk
> > INITRD myimage
> > APPEND floppy raw
> >
> >
> > Regarding "ALLOWOPTIONS 0"...
> >
> > It is not blocking modules. And this directive can also be used in
> > CLI too, without a menu.
> >
> > In particular, these tests show you that it is not blocking
> > whichsys.c32.
> >
> > You might want to read the meaning of this directive as: "only allow
> > LABELs (as-is) to be executed", but that would be slightly
> > inaccurate, as any (type of) command can be executed, as long as it
> > doesn't need additional arguments.
> >
> > So, if we use "ALLOWOPTIONS 0", the following command (from CLI) is
> > not allowed:
> > cat.c32 help.txt
> >
> > just because "cat.c32" needs an additional argument, a file
> > ("help.txt").
> >
> > In case we had an entry in the cfg file such as:
> > LABEL cat_help
> > COM32 cat.c32
> > APPEND help.txt
> >
> > then we could execute the command:
> > cat_help
> >
> > which doesn't need additional arguments.
> >
> > We could also execute "ls.c32", because it doesn't need additional
> > arguments.
> >
> > In your example, 'memdisk' requires additional arguments (at least
> > the "initrd"). So, if you define a LABEL entry for the exact command,
> > you should be able to execute it (by means of the corresponding
> > "label").
> >
> > Regards,
> > Ady.
> >
> > _______________________________________________
> > Syslinux mailing list
> > Submissions to Syslinux at zytor.com
> > Unsubscribe or set options at:
> > http://www.zytor.com/mailman/listinfo/syslinux
>
> _______________________________________________
> Syslinux mailing list
> Submissions to Syslinux at zytor.com
> Unsubscribe or set options at:
> http://www.zytor.com/mailman/listinfo/syslinux
More information about the Syslinux
mailing list