Multiple save files at boot time (Solved)

proebler
Posts: 178
Joined: Tue 24 Jan 2012, 11:15
Location: TAS

Multiple save files at boot time (Solved)

#1 Post by proebler »

Running frugal installs from USB flash with personal save files.

When multiple personal files are available at boot time, they are offered as options 1, 2, 3 etc. to choose from.
There is also option 0 -none, which allows booting the 'native' system.

I would like to boot without that option 0 being shown.
Can this be done and if so, how?

Why would I like that?
Because it would prevent unauthorized use of the USB flash if all the personal save files are of the encrypted type.

proebler

L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

Re: multiple personal save files at boot time

#2 Post by L18L »

proebler wrote:...I would like to boot without that option 0 being shown.
Can this be done and if so, how?...
Edit the file named init in initrd.gz (just one click on initrd.gz).
Change (line 828?)

Code:

    echo "0  none" > /dev/console
to

Code:

    # echo "0  none" > /dev/console
That was how to not show that option.

I think disabling that option will be required too:
change (line 837?)

Code:

    read NUMSAVE
to

Code:

    NUMSAVE=-1;while [ $NUMSAVE -lt 1 -o $NUMSAVE -gt $NUMPUPSAVES ]; do read NUMSAVE; done;
Thus only numbers between 1 and NUMPUPSAVES can be accepted.

Where is TAS :?:

proebler
Posts: 178
Joined: Tue 24 Jan 2012, 11:15
Location: TAS

#3 Post by proebler »

part success!

I now have:
[Lines 775 -787, initrd.gz of Lupu-5.2.8-005]

Code:

    echo "Type a number to choose which personal file to use:" > /dev/console
    #echo "0  none" > /dev/console
    for ONECHOICE in `cat /tmp/PUPSAVE2SFSS | tr '\n' ' '`
    do
     ONEFILE="`echo -n "$ONECHOICE" | cut -f 3 -d ','`"
     ONEPART="`echo -n "$ONECHOICE" | cut -f 1 -d ','`"
     echo -e "${CNTSAVE}  ${ONEPART}\\033[10G${ONEFILE}" > /dev/console #10 means move to that column.
     CNTSAVE=`expr $CNTSAVE + 1`
    done
    echo -en "\\033[0;39m" >/dev/console
    NUMSAVE=-1;while [ $NUMSAVE -lt 1 -o $NUMSAVE -gt $NUMPUPSAVES ]; do read NUMSAVE; done;
    #read NUMSAVE
    [ $NUMSAVE -ne 0 ] && PUPSAVE="`cat /tmp/PUPSAVE2SFSS | tr '\n' ' ' | cut -f $NUMSAVE -d ' '`"

That works OK for all numbers; however, if a non-number key is entered [followed by Enter/Return] or simply Enter/Return, then the 'native' system is still loaded.
Can that be prevented as well?

@L18L:
thank you, TAS is 42.8806° S, 147.3250° E
...and my motto is: trying beats studying :-)

L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#4 Post by L18L »

proebler wrote:... trying beats studying :-)
:idea:
So let us change that line to
    NUMSAVE=-1;while [ $NUMSAVE -lt 1 -o $NUMSAVE -gt $NUMPUPSAVES ]; do read NUMSAVE; NUMSAVE=$(( $NUMSAVE )); done
8)

proebler
Posts: 178
Joined: Tue 24 Jan 2012, 11:15
Location: TAS

#5 Post by proebler »

:D Great!
it works now exactly as desired.
Even loads the base system when no personal save file is present.

many thanks
proebler

:?: how do I mark the post as solved in the Subject box?

Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#6 Post by Flash »

Just click on the "Edit" button in your post. I changed it for you.

L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#7 Post by L18L »

    NUMSAVE=-1;while [ `printf '%d' "'$NUMSAVE"` -lt 49 -o `printf '%d' "'$NUMSAVE"` -gt $(( 48 + $NUMPUPSAVES )) ]; do read -n 1 NUMSAVE; done
Still a bit better because no errors when alpha input
Should work up to 9 save files
but needs to be tested in initrd

proebler
Posts: 178
Joined: Tue 24 Jan 2012, 11:15
Location: TAS

#8 Post by proebler »

thanks L18L, I will try it.

Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

Re: Multiple save files at boot time (Solved)

#9 Post by Q5sys »

proebler wrote: Why would I like that?
Because it would prevent unauthorized use of the USB flash if all the personal save files are of the encrypted type.

proebler
In point of fact it won't. Because a user could enter the kernel parameter pfix=ram at boot time and the system will boot without attempting to load a savefile.
Unless you are removing that functionality as well.

L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

Re: Multiple save files at boot time (Solved)

#10 Post by L18L »

Q5sys wrote:... a user could enter the kernel parameter pfix=ram at boot time...
menu.lst wrote:# menu.lst produced by grub4dosconfig-v1.8.0
color blue/cyan yellow/blue white/black cyan/black
#splashimage=/splash.xpm
timeout 0
default 0

# Frugal installed Puppy

title Puppy precise 5.4.2 (sdb6)
uuid 28afc2de-0d44-484c-a1cd-a1e82531eacb
kernel /vmlinuz pmedia=usbflash pfix=fsck
initrd /initrd.gz
Where can a user enter "pfix=ram" :?:

Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

Re: Multiple save files at boot time (Solved)

#11 Post by Q5sys »

L18L wrote:
Q5sys wrote:... a user could enter the kernel parameter pfix=ram at boot time...
menu.lst wrote:# menu.lst produced by grub4dosconfig-v1.8.0
color blue/cyan yellow/blue white/black cyan/black
#splashimage=/splash.xpm
timeout 0
default 0

# Frugal installed Puppy

title Puppy precise 5.4.2 (sdb6)
uuid 28afc2de-0d44-484c-a1cd-a1e82531eacb
kernel /vmlinuz pmedia=usbflash pfix=fsck
initrd /initrd.gz
Where can a user enter "pfix=ram" :?:
usually during the splash screen...

It's where you can trigger custom kernel commands like pmedia=usbflash pfix=fsck pfix=clean, except you're using the switch pfix=ram.
Yes, I realize you have the timeout at 0, but don't count on that; I've seen timeouts of 0 being bypassed before, usually by mashing on the space bar as soon as you boot the system. Sometimes you just get lucky and the spacebar is read before the timeout is read.

But all of this is honestly smoke and mirrors...
Anything that's a setting in grub can be changed by simply mounting the drive on another device and editing menu.lst.

So are you actually more secure? The answer is no.
Do you feel more secure? The answer here is probably yes.

If they have access to your hardware they can do whatever they want. In this scenario, you've already acknowledged that someone has hardware access since they have the ability to boot your system. If they have access to your system, they have access to change any security you put in place to stop them from booting it and editing the switches.

proebler
Posts: 178
Joined: Tue 24 Jan 2012, 11:15
Location: TAS

#12 Post by proebler »

@L18L

Code:

    NUMSAVE=-1;while [ `printf '%d' "'$NUMSAVE"` -lt 49 -o `printf '%d' "'$NUMSAVE"` -gt $(( 48 + $NUMPUPSAVES )) ]; do read -n 1 NUMSAVE; done
tested, but does not work as intended.
It presents the login with the 1st of the save files by default.
More save files are listed but their selection is not possible.
The initial solution works fine anyway and I am happy with it.
Note 1.
With the initial solution: esc, F-keys and shift[ed] non-alphabet keys [e.g. &] lead to kernel panic.
I have not tested them all. Not a problem for me.
This does not happen with the original initrd.gz.
Note 2.
I put the modified initrd.gz on a CD together with a re-mastered Puppy.
When that boots and I wish to run without the use of a save file, then I must make use of the splash screen and pfix=ram.
The 0 (none) option is of course no longer offered together with the found save files.

@Q5sys
Indeed, I am aware of the limitations and perhaps stating my reason as I did,
Why would I like that?
Because it would prevent unauthorized use of the USB flash if all the personal save files are of the encrypted type.
was not the best way.
My main intention really is modest and simple:
I want to prevent easy [even non-malicious] deletion of a personal save file.
Not being able to willy-nilly boot Puppy -and thus gain access to those files-, is all I want.
It is partly a thought exercise, exploring what can be done.

Having set the Grub4Dos time delay to 0 [as I have], gives a measure of protection.
It would be enough to thwart the unwary, but may, as Q5sys points out, be no obstacle for the determined. [I tried unsuccessfully, but was not all that determined.]
The way I boot, there is no [Puppy] splash screen, so you won’t get any advice about custom commands.
If you do manage to get to the Grub4Dos boot screen, then yes, you can edit in a custom kernel command. But you would need to know what that custom command has to be.
If you are clever at these things, and to make it a bit harder [?], you could perhaps modify Grub4Dos so that it does not show the way to edit [e] or does not allow edit at all.

So, ... having managed to beat the 0 time delay and knowing Puppy’s custom boot commands, the basic Puppy can be booted.
And having managed it, he/she may then as well delete the encrypted save files ... good riddance, I would probably want that! :-(

Acknowledged: There is no absolute security.

I hope that my reasoning is reasonable :-)
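
Added example, not part of any post in this thread and not Puppy's init code: a menu reader that checks the reply as a string before any numeric comparison, so Enter alone, letters, symbols and escape sequences are rejected and the only way out of the loop is a number in range. The function names, the sample entries and the meaning of the middle field are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example; choose_save, select_pupsave and sample_list are hypothetical names.

# Read replies from stdin until one is a whole number in 1..$1, then print it.
# The reply is checked as a string first, so empty input, letters, symbols and
# escape sequences never reach a numeric test. Returns 1 on end of input.
choose_save() {
    max=$1
    while IFS= read -r reply; do
        case $reply in
            ''|*[!0-9]*) continue ;;       # empty, or contains a non-digit
        esac
        [ "${#reply}" -le 3 ] || continue  # keep the value well inside integer range
        if [ "$reply" -ge 1 ] && [ "$reply" -le "$max" ]; then
            printf '%s\n' "$reply"
            return 0
        fi
    done
    return 1
}

# Print the chosen entry of a list file with one comma-separated entry per line
# (field 1 partition, field 3 file, matching the cut calls quoted in the thread).
# No code path returns success without a valid choice.
select_pupsave() {
    list=$1
    count=$(grep -c '' "$list") || return 1   # an empty list is a failure
    n=$(choose_save "$count") || return 1
    sed -n "${n}p" "$list"
}

# Constructed sample data; file names and the middle field are made up.
sample_list() {
    printf '%s\n' 'sdb1,vfat,/lupusave-home.2fs' \
                  'sdb1,vfat,/lupusave-work.2fs' \
                  'sdb2,ext2,/lupusave-test.2fs' > "$1"
}

# Constructed keyboard input: Enter, 0, letters, "&", an arrow-key escape
# sequence and an out-of-range number are all refused before the valid 2.
demo() {
    tmp=$(mktemp) || return 1
    sample_list "$tmp"
    printf '\n0\nabc\n&\n\033[A\n7\n2\n' | select_pupsave "$tmp"
    rm -f "$tmp"
}
demo
```

This only governs what the menu accepts; the boot-parameter and offline-editing routes discussed by Q5sys are unaffected by it.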

Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

#13 Post by Q5sys »

proebler wrote: Acknowledged: There is no absolute security.

I hope that my reasoning is reasonable :-)
Yes, perfectly reasonable. Some people go into issues like this thinking they have a perfect solution. There is no perfect solution.
As long as a person is aware of the amount of risk (in this case small), they can manage it in whatever way they feel is acceptable.

As long as you are happy with your solution and understand its limits, that's all that matters. :)
