Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Fri 19 Dec 2014, 12:45
All times are UTC - 4
 Forum index » House Training » Users ( For the regulars )
Multiple save files at boot time (Solved)
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [13 Posts]  
Author Message
proebler

Joined: 24 Jan 2012
Posts: 70
Location: TAS

PostPosted: Sat 26 Jan 2013, 06:54    Post subject:  Multiple save files at boot time (Solved)
Subject description: wishing to remove option 0 (none)
 

Running frugal installs from USB flash with personal save files.

When multiple personal files are available at boot time, they are offered as options 1, 2, 3 etc. to chose from.
There is also option 0 -none, which allows booting the 'native' system.

I would like to boot without that option 0 being shown.
Can this be done and if so, how?

Why would I like that?
Because it would prevent unauthorized use of the USB flash if all the personal save files are of the encrypted type.

proebler
Back to top
View user's profile Send private message 
L18L

Joined: 19 Jun 2010
Posts: 2610
Location: www.eussenheim.de/

PostPosted: Sat 26 Jan 2013, 08:12    Post subject: Re: multiple personal save files at boot time
Subject description: wishing to remove option 0 (none)
 

proebler wrote:
...I would like to boot without that option 0 being shown.
Can this be done and if so, how?...


edit file named init in initrd.gz (just one click on initrd.gz)
change (line 828 ?)
Code:
    echo "0  none" > /dev/console

to
Code:
    # echo "0  none" > /dev/console


that was how to not show that option

I think disabling that option will be required too:
change (line 837?)
Code:
    read NUMSAVE

to
Code:
 NUMSAVE=-1;while [ $NUMSAVE -lt 1 -o $NUMSAVE -gt $NUMPUPSAVES ]; do read NUMSAVE; done;

Thus only numbers between 1 and NUMPUPSAVES can be accepted.

Where is TAS Question
Back to top
View user's profile Send private message 
proebler

Joined: 24 Jan 2012
Posts: 70
Location: TAS

PostPosted: Mon 28 Jan 2013, 07:15    Post subject:
Subject description: wishing to remove option 0 (none)
 

part success!

I now have:
[Lines 775 -787, initrd.gz of Lupu-5.2.8-005]
Code:
  echo "Type a number to choose which personal file to use:" > /dev/console
    #echo "0  none" > /dev/console
    for ONECHOICE in `cat /tmp/PUPSAVE2SFSS | tr '\n' ' '`
    do
     ONEFILE="`echo -n "$ONECHOICE" | cut -f 3 -d ','`"
     ONEPART="`echo -n "$ONECHOICE" | cut -f 1 -d ','`"
     echo -e "${CNTSAVE}  ${ONEPART}\\033[10G${ONEFILE}" > /dev/console #10 means move to that column.
     CNTSAVE=`expr $CNTSAVE + 1`
    done
    echo -en "\\033[0;39m" >/dev/console
    NUMSAVE=-1;while [ $NUMSAVE -lt 1 -o $NUMSAVE -gt $NUMPUPSAVES ]; do read NUMSAVE; done;
    #read NUMSAVE
    [ $NUMSAVE -ne 0 ] && PUPSAVE="`cat /tmp/PUPSAVE2SFSS | tr '\n' ' ' | cut -f $NUMSAVE -d ' '`"


That works ok for all numbers , however if a non-number key is entered [followed by Enter/Return] or simply Enter/Return, then the 'native, system is still loaded.
Can that be prevented as well?

@L18L:
thank you, TAS is 42.8806° S, 147.3250° E
...und mein Motto ist probieren geht über studieren Smile
Back to top
View user's profile Send private message 
L18L

Joined: 19 Jun 2010
Posts: 2610
Location: www.eussenheim.de/

PostPosted: Mon 28 Jan 2013, 14:06    Post subject:
Subject description: wishing to enable valid responses only
 

proebler wrote:
... probieren geht über studieren Smile

Idea
So let us change that line to
Quote:
NUMSAVE=-1;while [ $NUMSAVE -lt 1 -o $NUMSAVE -gt $NUMPUPSAVES ]; do read NUMSAVE; NUMSAVE=$(( $NUMSAVE )); done

Cool
Back to top
View user's profile Send private message 
proebler

Joined: 24 Jan 2012
Posts: 70
Location: TAS

PostPosted: Mon 28 Jan 2013, 18:46    Post subject:
Subject description: wishing to enable valid responses only [Solved]
 

Very Happy Great!
it works now exactly as desired.
Even loads the base system when no personal save file is present.

many thanks
proebler

Question how do I mark the post as solved in the Subject box?
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11180
Location: Arizona USA

PostPosted: Mon 28 Jan 2013, 23:04    Post subject:  

Just click on the "Edit" button in your post. I changed it for you.
Back to top
View user's profile Send private message 
L18L

Joined: 19 Jun 2010
Posts: 2610
Location: www.eussenheim.de/

PostPosted: Tue 29 Jan 2013, 13:39    Post subject:  

Quote:
NUMSAVE=-1;while [ `printf '%d' "'$NUMSAVE"` -lt 49 -o `printf '%d' "'$NUMSAVE"` -gt $(( 48 + $NUMPUPSAVES )) ]; do read -n 1 NUMSAVE; done


Still a bit better because no errors when alpha input
Should work up to 9 save files
but needs to be tested in initrd
Back to top
View user's profile Send private message 
proebler

Joined: 24 Jan 2012
Posts: 70
Location: TAS

PostPosted: Tue 29 Jan 2013, 18:55    Post subject:
Subject description: wishing to remove option 0 (none)
 

thanks L18L, I will try it.
Back to top
View user's profile Send private message 
Q5sys


Joined: 11 Dec 2008
Posts: 1074

PostPosted: Tue 29 Jan 2013, 19:00    Post subject: Re: Multiple save files at boot time (Solved)
Subject description: wishing to remove option 0 (none)
 

proebler wrote:

Why would I like that?
Because it would prevent unauthorized use of the USB flash if all the personal save files are of the encrypted type.

proebler


In point of fact it wont. Because a user could enter the kernel parameter pfix=ram at boot time and the system will boot without attempting loading a savefile.
Unless you are removing that functionality as well.

_________________



Back to top
View user's profile Send private message Visit poster's website 
L18L

Joined: 19 Jun 2010
Posts: 2610
Location: www.eussenheim.de/

PostPosted: Wed 30 Jan 2013, 15:05    Post subject: Re: Multiple save files at boot time (Solved)
Subject description: wishing to remove option 0 (none)
 

Q5sys wrote:
... a user could enter the kernel parameter pfix=ram at boot time...


menu.lst wrote:
# menu.lst produced by grub4dosconfig-v1.8.0
color blue/cyan yellow/blue white/black cyan/black
#splashimage=/splash.xpm
timeout 0
default 0

# Frugal installed Puppy

title Puppy precise 5.4.2 (sdb6)
uuid 28afc2de-0d44-484c-a1cd-a1e82531eacb
kernel /vmlinuz pmedia=usbflash pfix=fsck
initrd /initrd.gz


Where can a user enter "pfix=ram" Question
Back to top
View user's profile Send private message 
Q5sys


Joined: 11 Dec 2008
Posts: 1074

PostPosted: Wed 30 Jan 2013, 15:43    Post subject: Re: Multiple save files at boot time (Solved)
Subject description: wishing to remove option 0 (none)
 

L18L wrote:
Q5sys wrote:
... a user could enter the kernel parameter pfix=ram at boot time...


menu.lst wrote:
# menu.lst produced by grub4dosconfig-v1.8.0
color blue/cyan yellow/blue white/black cyan/black
#splashimage=/splash.xpm
timeout 0
default 0

# Frugal installed Puppy

title Puppy precise 5.4.2 (sdb6)
uuid 28afc2de-0d44-484c-a1cd-a1e82531eacb
kernel /vmlinuz pmedia=usbflash pfix=fsck
initrd /initrd.gz


Where can a user enter "pfix=ram" Question


usually during the splash screen...


its where you can trigger custom kernel commands like, pmedia=usbflash pfix=fsck pfix=clean except you're using the switch pfix=ram
Yes I realize you have the timeout at 0, but dont count on that, ive seen timeouts of 0 being bypassed before. usually by mashing on the space bar as soon as you boot the system. Sometimes you just get lucky and the spacebar is read before the timeout is read.

But all of this is honestly smoke and mirrors...
Anything thats a setting in grub can be changed by simply mounting the drive on another device and editing menu.lst.

So are you actually more secure? The answer is no.
Do you feel more secure? The answer here is probably yes.

If they have access to your hardware they can do whatever they want. In this scenario, you've already acknowledged that someone has hardware access since they have the ability to boot your system. if they have access to your system, they have access to change any security you put in place to stop them from booting it and editing the switches.

_________________



Back to top
View user's profile Send private message Visit poster's website 
proebler

Joined: 24 Jan 2012
Posts: 70
Location: TAS

PostPosted: Thu 31 Jan 2013, 02:54    Post subject:  

@L18L
Code:
NUMSAVE=-1;while [ ‘printf ‘%d’ “‘$NUMSAVE"’ -lt 49 -o ‘printf ‘%d’ “‘$NUMSAVE"’ -gt $(( 48 + $NUMPUPSAVES )) ]; do read -n 1 NUMSAVE; done   

tested, but does not work as intended.
It presents the login with the 1st of the save files by default.
More save files are listed but their selection is not possible.
The initial solution works fine anyway and I am happy with it.
Note 1.
With the initial solution: esc, F-keys and shift[ed] non-alphabet keys [e.g. &] lead to kernel panic.
I have not tested them all. Not a problem for me.
This does not happen with the original initrd.gz.
Note 2.
I put the modified initrd.gz on a CD together with a re-mastered Puppy.
When that boots and I wish to run without the use of a save file, then I must make use of the splash screen and pfix=ram.
The 0 (none) option is of course no longer offered together with the found save files.

@Q5sys
Indeed, I am aware of the limitations and perhaps stating my reason as I did,
Quote:
Why would I like that?
Because it would prevent unauthorized use of the USB flash if all the personal save files are of the encrypted type.

was not the best way.
My main intention really is modest and simple:
I want to prevent easy [even non-malicious] deletion of a personal save file.
Not being able to willy-nilly boot Puppy -and thus gain access to those files-, is all I want.
It is partly a thought exercise, exploring what can be done.

Having set theGrub4Dos time delay to 0 [as I have], gives a measure of protection.
It would be enough to thwart the unwary, but may, as Q5sys points out, be no obstacle for the determined. [I tried unsuccessfully, but was not all that determined ].
The way I boot, there is no [Puppy] splash screen , so you won’t get any advise about custom commands.
If you do manage to get to the Grub4Dos boot screen, then yes, you can edit in a custom kernel command. But you would need to know what that custom command has to be.
If you are clever at these things, and to make it a bit harder [?], you could perhaps modify Grub4Dos so that it does not show the way to edit [e] or does not allow edit at all.

So, ... having managed to beat the 0 time delay and knowing Puppy’s custom boot commands, the basic Puppy can be booted.
And having managed it, he/she may then as well delete the encrypted save files ... good riddance, I would probably want that! Sad

Acknowledged: There is no absolute security.

I hope that my reasoning is reasonable Smile
Back to top
View user's profile Send private message 
Q5sys


Joined: 11 Dec 2008
Posts: 1074

PostPosted: Thu 31 Jan 2013, 07:07    Post subject:  

proebler wrote:

Acknowledged: There is no absolute security.

I hope that my reasoning is reasonable Smile


yes perfectly reasonable. some people go into issues like this thinking they have a perfect solution. there is no perfect solution.
as long as a person is aware of the amount of risk (in this case small), they can manage it in whatever way they feel i acceptable.

as long as you are happy with your solution and understand its limits, thats all that matters. Smile

_________________



Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 1 of 1 [13 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » Users ( For the regulars )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0932s ][ Queries: 12 (0.0039s) ][ GZIP on ]