From: tytso@ATHENA.MIT.EDU (Theodore Ts'o) Subject: Re: Linus security/Non root access Date: Fri, 21 Aug 1992 03:20:39 GMT
From: erc@unislc.uucp (Ed Carp)
Date: 21 Aug 92 02:06:26 GMT
Hmmm...you could hack the loader to refuse to load the kernel from
diskette - that might be easier than spending the $$$ to get a machine with
a password protected BIOS. If someone booted MS-DOS from a diskette,
it wouldn't do them any good, anyway, 'cause you can't read a linux
partition from MS-DOS. Not yet, anyway... :)
The loader code is in /usr/src/linux/boot/bootsect.S
Yes, but the boot loader is part of what you load from the floppy. How
are you going to control what randoms stick into a floppy and boot?
After all, anyone who downloaded a copy of bootimage-0.97 would quickly
get around your suggestion.
As I mentioned in private mail, if you're worried about attacks where
people are inserting their own boot disks into your public access linux
machines, the only way you can prevent this is to get a new BIOS, since
it is the BIOS that decides what software to boot. Presumably, you can
trust the BIOS and your hard disk to contain what you wish --- but you
can't control what will be on the boot sector of the floppy that someone
sticks in your computer.
- Ted