[Bug 198760] loader.conf(5)/check-password.4th(8): bootlock_password exceeding 16 characters creates unbootable system
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Mar 21 01:33:53 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=198760
Bug ID: 198760
Summary: loader.conf(5)/check-password.4th(8):
bootlock_password exceeding 16 characters creates
unbootable system
Product: Base System
Version: 9.2-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: freebsd-bugs at FreeBSD.org
Reporter: dteske at FreeBSD.org
When utilizing the bootlock_password feature of loader.conf(5) (see
check-password.4th(8) for additional details) introduced in FreeBSD
9.2-RELEASE, if you set a password that exceeds 16 characters in length, the
system cannot be booted since check-password.4th does a comparison between the
full contents of $bootlock_password and the 16-byte-max user input.
check-password.4th should instead truncate the loader.conf(5) variable contents
to the maximum allowable length prior to comparison against user-input. This
would allow a system to boot if the user is knowledgable of the input limit
while the loader.conf setting exceeds maximum user-input -- the alternative
being that you absolutely must use a LiveCD to recover from the situation of
innocuously setting a value that is greater than 16 characters in length.
NB: An enhancement coming soon will increase the maximum length to 255
characters which will make it less likely that folks will hit this -- but
despite that, the solution of making a truncated comparison will alleviate the
situation of making an unbootable system unintentionally.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list