From: hlu@fili.eecs.wsu.edu (H.J. Lu) Subject: Re: Linus security/Non root access Date: 21 Aug 1992 18:32:36 GMT
In article <qwdpbp0y@cck.coventry.ac.uk>, csg203@cck.coventry.ac.uk (Bluebeard) writes:
|> In article <1992Aug21.020626.20221@unislc.uucp> erc@unislc.uucp (Ed Carp) writes:
|> >Frank Pikelner (frank@cs.yorku.ca) wrote:
|> >
|> >: I'd like to find out if it is possible to say install several machines to run
|> >: Linux and allow the public to use them. The problem I'm trying to resolve is I
|> >: need the machines to have access to a floppy drive, but I do not want anyone
|> >: to be able to boot the machine using their own floppy, and maybe gain access as
|> >: root.
|> >:
|> >: One solution I can think of is getting a machine that has a password protected
|> >: BIOS, and allows the change in the boot order with the hard drive first. I would
|> >: love to hear other ideas, if any do exist.
|> >
|> >Hmmm...you could hack the loader to refuse to load the kernel from
|> >diskette - that might be easier than spending the $$$ to get a machine with
|> >a password protected BIOS. If someone booted MS-DOS from a diskette,
|> >it wouldn't do them any good, anyway, 'cause you can't read a linux
|> >partition from MS-DOS. Not yet, anyway... :)
|>
|> But that wouldn't stop someone with linux/minix boot and root file system
|> disks, booting from floppy and then mounting the hard disk.
|>
|> The protected BIOS is the only real answer unless the linux partition was
|> encoded in some way that only the 'official' kernel could read.
|>
I got an idea. You can modify your kernel source and add some id to your had
partition. You have to modify your mount such that only it can mount
your hd partition. But again, for somebody, they can just read raw device and
figiure it out.
H.J.