Page MenuHomeFreeBSD
Differential D16700

Add SECURITY section to loader(8)
ClosedPublic
Actions

Authored by trasz on Aug 13 2018, 12:26 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Jan 18, 12:39 AM
Unknown Object (File)
Oct 8 2024, 11:33 PM
Unknown Object (File)
Oct 1 2024, 1:17 PM
Unknown Object (File)
Sep 23 2024, 8:20 PM
Unknown Object (File)
Sep 20 2024, 2:10 AM
Unknown Object (File)
Sep 18 2024, 2:58 AM
Unknown Object (File)
Sep 14 2024, 3:39 PM
Unknown Object (File)
Sep 14 2024, 10:51 AM
View All 79 Files
Subscribers
bcr
imp
jilles

Details

Reviewers
imp
bcr
jilles
Group Reviewers
manpages
Commits
rS337834: Add SECURITY section to loader(8).
Summary

Add SECURITY section to loader(8).

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

trasz created this revision.Aug 13 2018, 12:26 PM
Herald added a reviewer: manpages. · View Herald TranscriptAug 13 2018, 12:26 PM
Herald added a subscriber: imp. · View Herald Transcript
Harbormaster completed remote builds in B18760: Diff 46616.Aug 13 2018, 12:26 PM
trasz added a reviewer: imp.Aug 13 2018, 12:27 PM
bcr added a subscriber: bcr.Aug 13 2018, 1:30 PM

Update the .Dd at the top of the file for this content change.
Thanks for working on this.

trasz updated this revision to Diff 46619.Aug 13 2018, 1:50 PM

Also update init(8).

Harbormaster completed remote builds in B18763: Diff 46619.Aug 13 2018, 1:50 PM
imp accepted this revision.Aug 13 2018, 2:32 PM

Looks great.

This revision is now accepted and ready to land.Aug 13 2018, 2:32 PM
jilles added a subscriber: jilles.Aug 13 2018, 9:15 PM

This is useful, but some parts seem too specific to usage in appliances.

stand/man/loader.8
968–975 ↗(On Diff #46619)

This recommendation seems geared towards appliances and kiosk type devices; PCs and servers tend not to be secured this way (if firmware and /etc/ttys are not secured along with loader, securing loader mostly makes it harder to recover from breakage and does not improve security).

Perhaps this can be changed to just mention that setting .Va password or setting .Va autoboot_delay to -1 can prevent unauthorized access to the loader command line.

trasz updated this revision to Diff 46657.Aug 14 2018, 1:22 PM

Tone it down somewhat, mention the firmware.

This revision now requires review to proceed.Aug 14 2018, 1:22 PM
Harbormaster completed remote builds in B18785: Diff 46657.Aug 14 2018, 1:22 PM
trasz marked an inline comment as done.Aug 14 2018, 1:23 PM
bcr accepted this revision.Aug 14 2018, 3:33 PM

Looks good. Don't forget the .Dd bump.

This revision is now accepted and ready to land.Aug 14 2018, 3:33 PM
jilles accepted this revision.Aug 14 2018, 5:50 PM
Closed by commit rS337834: Add SECURITY section to loader(8). (authored by trasz). · Explain WhyAug 15 2018, 8:45 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
head/
sbin/
init/
11 lines
stand/
man/
38 lines

Diff 46691

View Options

head/sbin/init/init.8

Loading...
View Options

head/stand/man/loader.8

Loading...