
yaboot password protection, please test



Hi,

I have added password protection functions (mostly ported from silo)
to yaboot, as well as silo's `single-key' feature.  I have tested it
on my Blue G3 and it works perfectly for me, I would like to have a
few more people test it before I send the patch to BenH.

you can find binaries and sources and a patch against yaboot 1.1.1 at:

http://penguinppc.org/usr/ybin/yaboot/

the way it works is as follows (if you're familiar with silo or lilo
this is nothing new):

add `password=secret' to the global section of your /etc/yaboot.conf.
doing this alone will cause yaboot to require the password to boot any
image no matter what.  this will prevent unattended booting so it's not
the ideal configuration.  to allow unattended booting of a single
image, but prevent anyone from entering command line arguments (such
as init=/bin/sh) add `restricted' to the image= section of the default
kernel.  alternately you can put restricted in the global section and
have it applied to all images.  (this is an enhancement over silo which
does not permit per-image restricted mode).

Example:

boot=/dev/hda2
device=hd:
partition=3
timeout=50
install=/usr/local/lib/yaboot/yaboot
magicboot=/usr/lib/yaboot/ofboot
password=s3cr3t
default=linux

image=/vmlinux
	label=linux
	root=/dev/hda3
	read-only
	restricted

image=/vmlinux.old
	label=linux.old
	root=/dev/hda3
	read-only

with this configuration the default image /vmlinux will be booted by
default unattended, no password required.  the user is also allowed to
enter `linux' and boot this image again without the password.  however
if the user attempts to boot: linux init=/bin/sh yaboot will insist
that they enter the password, unless the correct password is entered
yaboot will refuse to comply.  if they attempt to boot `linux.old'
yaboot will require the password, and will refuse to boot that image
unless it's supplied.

after three invalid password entries there is a 3 second delay and the
machine is rebooted, I find this more useful than dropping into a
broken OpenFirmware prompt (and perhaps more secure depending on how
Apple's OF security implementation works after a client exits).

since the password is in plaintext it's important that /etc/yaboot.conf
be mode 0600 owned by root, ybin 0.31 and later checks this and warns
you if the permissions are insecure.  the bootstrap partition must be
type Apple_Bootstrap and not Apple_HFS to prevent OSX from
automounting it allowing any OSX user to find out the password.  if
you allow booting to MacOS you should use the multiple users function
to prevent access to control panels, though if you allow MacOS booting
you're already in trouble since that OS has no real security.

you should of course utilize the recently added security features of
OpenFirmware to make this more effective, if you're fortunate enough
to have a machine Apple fixed.

as for the single-key feature this allows you to have entries that can
be booted by hitting a single key, much like ybin's multiboot menu
works, to enable this the image label or one of its aliases must be
only one character, and `single-key' added to that image section.

Example:

image=/vmlinux
	label=debian
	alias=l
	single-key
	root=/dev/hda3
	read-only

now just hitting the `l' key at the yaboot boot: prompt will boot this
image, no need to even hit the return key.  if you needed to supply
arguments to such an image and there is no alias or label that is not
single-keyed simply enter a space first, then the letter, and then
arguments, the space is ignored but will prevent single-key from being
triggered.  

please test this and send me feedback, if after a few days I don't
hear about any problems I will send the patch to BenH officially and
we will see if he accepts it ;-)    meanwhile ybin 1.1 will come with
a patched yaboot in a few days.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
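
Added example, not part of the original message and not yaboot's or ybin's own code: a small audit that reads a yaboot.conf and reports, per image, the password policy described above, plus the mode 0600 / root ownership check. The function names are hypothetical; it assumes that a config with no `password=` never prompts and that only lines beginning with `#` are comments.

```python
import stat

# Constructed sample, taken from the first example in the message.
SAMPLE = """\
boot=/dev/hda2
timeout=50
password=s3cr3t
default=linux

image=/vmlinux
    label=linux
    root=/dev/hda3
    read-only
    restricted

image=/vmlinux.old
    label=linux.old
    root=/dev/hda3
    read-only
"""

def parse(text):
    """Split yaboot.conf text into (global_options, [image_options, ...])."""
    glob, images, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: full-line comments only
            continue
        key, _, val = line.partition("=")      # bare flags such as `restricted' get ""
        key, val = key.strip(), val.strip()
        if key == "image":                     # every image= line opens a new section
            cur = {"image": val}
            images.append(cur)
        else:
            (glob if cur is None else cur)[key] = val
    return glob, images

def boot_policy(text):
    """Map each image label to the password behaviour the message describes."""
    glob, images = parse(text)
    policy = {}
    for img in images:
        label = img.get("label", img["image"])
        if "password" not in glob:             # assumption: no password= means no prompt
            policy[label] = "no password"
        elif "restricted" in img or "restricted" in glob:
            policy[label] = "password for arguments only"
        else:
            policy[label] = "password always"
    return policy

def conf_mode_ok(st_mode, st_uid):
    """True when the file is mode 0600 and owned by root."""
    return st_uid == 0 and stat.S_IMODE(st_mode) == 0o600
```

On a real system, pass the result of `os.stat("/etc/yaboot.conf")` as `conf_mode_ok(st.st_mode, st.st_uid)`.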
