Syslinux - Apr 2004 - Don't allow users to append additional kernel cmdline args

Hi,

I'm successfully using PXELINUX for booting several flavors of Linux
using the LABEL/APPEND syntax in the config file. But I don't want to
allow the users to append additional kernel command line arguments
like "init=/bin/sh". Scanning the docs and the mailing list archive I
could not figure out how to do this.  Can anyone give me a hint?

Thanks, Thomas

The only thing I can think of is COMBOOT.

If the user knows the name of the kernel, they can invoke it directly 
and pass arguments. One solution is write your own COMBOOT interface, 
say myui.c32. Configure pxelinux.cfg to invoke myui.c32 immediately, 
without any timeout. Also configure pxelinux.cfg to invoke myui.c32 in 
case of any error. In the first case myui.c32 will not get any 
arguments. In the second case, the bad command line will be given as 
your argument.

So PXELINUX will call your code immediately, and you give the "boot:" 
prompt. Then once you have the user's commandline, you can extract the 
first word and use PXELINUX API to execute the specified instruction. 
Thus you have effectively removed all arguments. If the command line is 
bad, then PXELINUX will invoke the onerror clause, which also leads to 
you being called, with the bad command line as argument.

Alternately, you can check the first word of the command line for 
legality and then pass it on to PXELINUX. But I would not recommend 
this. If you do this, every time you add a new image you should not 
forget to recreate your myui.c32.

Hope this helps.
- Murali


Gebhardt Thomas wrote:
>Hi,
>
>I'm successfully using PXELINUX for booting several flavors of Linux
>using the LABEL/APPEND syntax in the config file. But I don't want to
>allow the users to append additional kernel command line arguments
>like "init=/bin/sh". Scanning the docs and the mailing list
archive I
>could not figure out how to do this.  Can anyone give me a hint?
>
>Thanks, Thomas
>
>_______________________________________________
>SYSLINUX mailing list
>Submissions to SYSLINUX at zytor.com
>Unsubscribe or set options at:
>http://www.zytor.com/mailman/listinfo/syslinux
>Please do not send private replies to mailing list traffic.
>
>
>  
>

Hi,

Gebhardt Thomas <gebhardt at HRZ.Uni-Marburg.DE> schrieb am 13.04.04
11:50:05:
 
> I'm successfully using PXELINUX for booting several flavors of Linux
> using the LABEL/APPEND syntax in the config file. But I don't want to
> allow the users to append additional kernel command line arguments
> like "init=/bin/sh". Scanning the docs and the mailing list
archive I
> could not figure out how to do this.  Can anyone give me a hint?
It's not possible with the current version. You can force to only use
specific labels (IMPLICIT-command), but you can't prevent additional
arguments.

Regards,

Josef
_____________________________________________________________________
Der WEB.DE Virenschutz schuetzt Ihr Postfach vor dem Wurm Netsky.A-P!
Kostenfrei fuer alle FreeMail Nutzer. http://f.web.de/?mc=021157