Subject: Re: asking for the path to init.
To: Darren Reed <firstname.lastname@example.org>
From: Chris G. Demetriou <email@example.com>
Date: 09/17/1999 21:40:01

Darren Reed <firstname.lastname@example.org> writes:
> If there is to be a condition placed on the presence of the ability to
> specify a different init other than /sbin/init because of security
> requirements then that same condition should also be enforced on the
> other questions which can also lead to a security breach (i.e. where is
> the root filesystem).
Yes. And that condition is _already_ the ability to pass RB_ASKNAME
to the kernel, via flags given at a boot block/firmware prompt.

If you don't have a boot block and firmware which can allow "secure" (as in,
no specification of boot device, no specification of boot flags, etc.),
then you should get a better system if you need that functionality.
There's just about nothing NetBSD can do to protect you from people
hacking at your firmware prompt...
Chris Demetriou - email@example.com - http://www.netbsd.org/People/Pages/cgd.html
Disclaimer: Not speaking for NetBSD, just expressing my own opinion.