> Or should I forget about it totally and just make a patch for
> LILO that adds allowing/denying certain options at the
> LILO boot prompt (so I could blacklist init= and *LD_*) ?
> This would ofcourse not help people using loadlin for example.
>
i think using lilo with the PASSWORD (and maybe RESTRICTED) options
provide fair security for most people (provided the bios is configured to
not boot from floppy). adding in a blacklist feature isn't a bad idea,
but it is probably overkill- having password protection on all boot
parameters handles just about everything.
what concerns me is that i believe there are several people who still
must boot dos to do various hardware initialization stuff and then use
loadlin to get into linux. are these people are going to be in a bind
or am i missing something?
i am aware that if you can boot a machine, you can generally gain full
access to it. but i personally like the idea of disabling the init= and
LD_PRELOAD= being a compile time choice. there's no reason to make it
easy.
jeff
---
Why Linux? source code. POSIX. tcpip. job control. support from the authors.
drivers for most hardware. because one terminal or process is never enough.
forget the other O/Ss, i use Linux- the choice of a gnu generation.