[Bug 221289] Setting loader.conf password prevents autoboot, manual boot still okay; password leaked

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Sun Aug 6 18:58:36 UTC 2017


fred at boyce.za.net changed:

           What    |Removed                     |Added
                 CC|                            |fred at boyce.za.net

--- Comment #1 from fred at boyce.za.net ---
Some additional notes:

a. If I remove the 'password="test"' from loader.conf, everything works again.
So it does seem to be that when we go through the
sys/boot/forth/check-password.4th code path that the environment for autoboot
is subtly different.

b. Regarding problem 2, I also noticed that the /boot directory and loader.conf
are world-readable by default, which leaks the boot password in plain text to
any user on the system. Should I raise a separate issue for that?

You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list