[Bug 221289] Setting loader.conf password prevents autoboot, manual boot still okay; password leaked
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sun Aug 6 18:58:36 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=221289
fred at boyce.za.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fred at boyce.za.net
--- Comment #1 from fred at boyce.za.net ---
Some additional notes:
a. If I remove the 'password="test"' from loader.conf, everything works again.
So it does seem to be that when we go through the
sys/boot/forth/check-password.4th code path that the environment for autoboot
is subtly different.
b. Regarding problem 2, I also noticed that the /boot directory and loader.conf
are world-readable by default, which leaks the boot password in plain text to
any user on the system. Should I raise a separate issue for that?
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list