[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kernel-option for quiet booting?

To: "'Andy Isaacson'" <adi@hexapodia.org>
Subject: Re: Kernel-option for quiet booting?
From: "Torsten Valentin" <winsock2@musiker.de>
Date: Tue, 1 Oct 2002 09:55:12 +0200
Cc: <misc@openbsd.org>

> > Is there a possibility to make the kernel be quiet while booting up
and
> > not displaying all kind of messages?
> No.  (Which is not to say it could not be added.)
> Care to share with the list the reasons *why* you think this would be
a
> good idea?  To me it seems likely to result in useless bug reports and
> more difficult debugging sessions.

Yes, this would be the case if it was the default, which obviously makes
no sense. 

I doubt I can convince you or anyone else, but I try to describe my
thoughts about it:

I regard the kernel messages at boot time as unnecessary information
disclosure which could be used by unauthorized persons to find out
details they should not or at least don't need to know.

I know there are a dozen of considerations where one could say it makes
no sense to hide information where someone has physical access to a
machine. But the difference is obvious: If you touch a machine
physically, you'll be caught easily. If you just collect information
that you could use for breaking into a machine, no one takes notice.
Then you could possibly use the collected information and break into the
machine from your home PC. Why did people invent the "blackhole" option?
Just because it makes sense to give as few information as possible to a
potential attacker. And that's my point.

I regard administrators with restricted rights as a potential security
issue, because they often have physical access to the computer room, but
do not have the rights to log into a machine. Now if a low privileged
admin powercycles a machine he has a lot of information from the bootup
he should not have. In a large company there's usually (if they take
security serious) a couple of administrators for different areas and
though they all have physical access to the computer room, only few have
the root-pw for critical machines.

Now if I have a machine that I tested as running fine and which is to go
into production, I could recompile the kernel with the same options, but
with the --quiet option if there was one. The so compiled kernel could
become the standard-kernel for automatic booting. If the machine crashes
for some reason or has hardware faults or so, I'd have to touch it and
in 99 of hundred cases, I'd have to reboot it anyway. If I have to
reboot it, I could easily boot it with the bsd.debug-kernel, which
obviously should not have the --quiet option.

T.

> -andy

Follow-Ups:
- Re: Kernel-option for quiet booting?
  - From: Jolan Luff <jolan@cryptonomicon.org>

Prev by Date: 未承諾広告※ちょっと Hな恋人 GET！！
Next by Date: Re: Kernel-option for quiet booting?
Prev by thread: 未承諾広告※ちょっと Hな恋人 GET！！
Next by thread: Re: Kernel-option for quiet booting?
Index(es):
- Date
- Thread