Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

systemd-boot: allow setting editor security option #21853

Merged
merged 1 commit into from Jan 21, 2017
Merged

systemd-boot: allow setting editor security option #21853

merged 1 commit into from Jan 21, 2017

Conversation

lheckemann
Copy link
Member

@lheckemann lheckemann commented Jan 13, 2017
edited

Motivation for this change

Security. Currently anyone can easily gain root access on an unencrypted, powered off machine using systemd-boot from NixOS.
See also #21832

Things done

Note that I have NOT tested this yet!

@mention-bot
Copy link

@lheckemann, thanks for your PR! By analyzing the history of the files in this pull request, we identified @Mic92, @edolstra and @dezgeg to be potential reviewers.

grahamc
grahamc reviewed Jan 13, 2017
View reviewed changes
nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix

description = ''
Whether to allow editing the kernel command-line before
boot. It is recommended to set this to false, as it allows
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Who recommends it be set to false?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

https://wiki.archlinux.org/index.php/Systemd-boot#Basic_configuration

@globin globin added this to the 17.03 milestone Jan 19, 2017
@fpletz fpletz merged commit 98bd722 into NixOS:master Jan 21, 2017
@bjornfor bjornfor mentioned this pull request Jan 22, 2017
Closed
@lheckemann lheckemann deleted the systemd-boot-editor branch April 16, 2017 10:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@grahamc grahamc grahamc left review comments

@fpletz fpletz fpletz approved these changes

@globin globin globin approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
17.03
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@lheckemann @mention-bot @grahamc @fpletz @globin