Multiple save files at boot time (Solved)
Running frugal installs from USB flash with personal save files.
When multiple personal files are available at boot time, they are offered as options 1, 2, 3 etc. to choose from.
There is also option 0 -none, which allows booting the 'native' system.
I would like to boot without that option 0 being shown.
Can this be done and if so, how?
Why would I like that?
Because it would prevent unauthorized use of the USB flash if all the personal save files are of the encrypted type.
proebler
- L18L
- Posts: 3479
- Joined: Sat 19 Jun 2010, 18:56
- Location: www.eussenheim.de/
Re: multiple personal save files at boot time
proebler wrote: ...I would like to boot without that option 0 being shown.
Can this be done and if so, how?...

edit file named init in initrd.gz (just one click on initrd.gz)
change (line 828 ?)
Code:
echo "0 none" > /dev/console
to
Code:
# echo "0 none" > /dev/console
I think disabling that option will be required too:
change (line 837?)
Code:
read NUMSAVE
to
Code:
NUMSAVE=-1;while [ $NUMSAVE -lt 1 -o $NUMSAVE -gt $NUMPUPSAVES ]; do read NUMSAVE; done;
Where is TAS
part success!
I now have:
[Lines 775 -787, initrd.gz of Lupu-5.2.8-005]
Code:
echo "Type a number to choose which personal file to use:" > /dev/console
#echo "0 none" > /dev/console
for ONECHOICE in `cat /tmp/PUPSAVE2SFSS | tr '\n' ' '`
do
 ONEFILE="`echo -n "$ONECHOICE" | cut -f 3 -d ','`"
 ONEPART="`echo -n "$ONECHOICE" | cut -f 1 -d ','`"
 echo -e "${CNTSAVE} ${ONEPART}\\033[10G${ONEFILE}" > /dev/console #10 means move to that column.
 CNTSAVE=`expr $CNTSAVE + 1`
done
echo -en "\\033[0;39m" >/dev/console
NUMSAVE=-1;while [ $NUMSAVE -lt 1 -o $NUMSAVE -gt $NUMPUPSAVES ]; do read NUMSAVE; done;
#read NUMSAVE
[ $NUMSAVE -ne 0 ] && PUPSAVE="`cat /tmp/PUPSAVE2SFSS | tr '\n' ' ' | cut -f $NUMSAVE -d ' '`"
That works ok for all numbers, however if a non-number key is entered [followed by Enter/Return] or simply Enter/Return, then the 'native' system is still loaded.
Can that be prevented as well?
@L18L:
thank you, TAS is 42.8806° S, 147.3250° E
...and my motto is: trying beats studying
- L18L
- Posts: 3479
- Joined: Sat 19 Jun 2010, 18:56
- Location: www.eussenheim.de/
Re: Multiple save files at boot time (Solved)
proebler wrote: Why would I like that?
Because it would prevent unauthorized use of the USB flash if all the personal save files are of the encrypted type.
proebler

In point of fact it won't. Because a user could enter the kernel parameter pfix=ram at boot time and the system will boot without attempting to load a savefile.
Unless you are removing that functionality as well.
- L18L
- Posts: 3479
- Joined: Sat 19 Jun 2010, 18:56
- Location: www.eussenheim.de/
Re: Multiple save files at boot time (Solved)
Q5sys wrote:... a user could enter the kernel parameter pfix=ram at boot time...
Where can a user enter "pfix=ram"?
menu.lst wrote:
# menu.lst produced by grub4dosconfig-v1.8.0
color blue/cyan yellow/blue white/black cyan/black
#splashimage=/splash.xpm
timeout 0
default 0
# Frugal installed Puppy
title Puppy precise 5.4.2 (sdb6)
uuid 28afc2de-0d44-484c-a1cd-a1e82531eacb
kernel /vmlinuz pmedia=usbflash pfix=fsck
initrd /initrd.gz
Re: Multiple save files at boot time (Solved)
L18L wrote:
Q5sys wrote: ... a user could enter the kernel parameter pfix=ram at boot time...
Where can a user enter "pfix=ram"
menu.lst wrote:
# menu.lst produced by grub4dosconfig-v1.8.0
color blue/cyan yellow/blue white/black cyan/black
#splashimage=/splash.xpm
timeout 0
default 0
# Frugal installed Puppy
title Puppy precise 5.4.2 (sdb6)
uuid 28afc2de-0d44-484c-a1cd-a1e82531eacb
kernel /vmlinuz pmedia=usbflash pfix=fsck
initrd /initrd.gz

usually during the splash screen...
it's where you can trigger custom kernel commands like, pmedia=usbflash pfix=fsck pfix=clean except you're using the switch pfix=ram
Yes I realize you have the timeout at 0, but don't count on that, I've seen timeouts of 0 being bypassed before. Usually by mashing on the space bar as soon as you boot the system. Sometimes you just get lucky and the spacebar is read before the timeout is read.
But all of this is honestly smoke and mirrors...
Anything that's a setting in grub can be changed by simply mounting the drive on another device and editing menu.lst.
So are you actually more secure? The answer is no.
Do you feel more secure? The answer here is probably yes.
If they have access to your hardware they can do whatever they want. In this scenario, you've already acknowledged that someone has hardware access since they have the ability to boot your system. If they have access to your system, they have access to change any security you put in place to stop them from booting it and editing the switches.
@L18L
tested, but does not work as intended.
Code:
NUMSAVE=-1;while [ `printf '%d' "'$NUMSAVE"` -lt 49 -o `printf '%d' "'$NUMSAVE"` -gt $(( 48 + $NUMPUPSAVES )) ]; do read -n 1 NUMSAVE; done
It presents the login with the 1st of the save files by default.
More save files are listed but their selection is not possible.
The initial solution works fine anyway and I am happy with it.
Note 1.
With the initial solution: esc, F-keys and shift[ed] non-alphabet keys [e.g. &] lead to kernel panic.
I have not tested them all. Not a problem for me.
This does not happen with the original initrd.gz.
Note 2.
I put the modified initrd.gz on a CD together with a re-mastered Puppy.
When that boots and I wish to run without the use of a save file, then I must make use of the splash screen and pfix=ram.
The 0 (none) option is of course no longer offered together with the found save files.
@Q5sys
Indeed, I am aware of the limitations and perhaps stating my reason as I did,
"Why would I like that?
Because it would prevent unauthorized use of the USB flash if all the personal save files are of the encrypted type."
was not the best way.
My main intention really is modest and simple:
I want to prevent easy [even non-malicious] deletion of a personal save file.
Not being able to willy-nilly boot Puppy -and thus gain access to those files-, is all I want.
It is partly a thought exercise, exploring what can be done.
Having set the Grub4Dos time delay to 0 [as I have], gives a measure of protection.
It would be enough to thwart the unwary, but may, as Q5sys points out, be no obstacle for the determined. [I tried unsuccessfully, but was not all that determined].
The way I boot, there is no [Puppy] splash screen, so you won’t get any advice about custom commands.
If you do manage to get to the Grub4Dos boot screen, then yes, you can edit in a custom kernel command. But you would need to know what that custom command has to be.
If you are clever at these things, and to make it a bit harder [?], you could perhaps modify Grub4Dos so that it does not show the way to edit [e] or does not allow edit at all.
So, ... having managed to beat the 0 time delay and knowing Puppy’s custom boot commands, the basic Puppy can be booted.
And having managed it, he/she may then as well delete the encrypted save files ... good riddance, I would probably want that!
Acknowledged: There is no absolute security.
I hope that my reasoning is reasonable
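An added example (not part of the original thread and not Puppy's own init code) showing why the loop posted above still falls through when Enter or a non-number is typed, next to a fail-closed check for the same menu. NUMSAVE and NUMPUPSAVES are the thread's variables; the function names and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. NUMSAVE and NUMPUPSAVES come from the thread's init script;
# the function names and the sample input are constructed for illustration.

# The loop from the thread, with stderr silenced and an EOF guard so it can
# run non-interactively. Prints the value the loop ends up accepting.
thread_loop() {
    NUMPUPSAVES=$1
    NUMSAVE=-1
    # For non-numeric input `[` fails with an error status; `while` treats
    # that like "condition false", so the loop ends with NUMSAVE still bad.
    while [ $NUMSAVE -lt 1 -o $NUMSAVE -gt $NUMPUPSAVES ] 2>/dev/null; do
        read NUMSAVE || break
    done
    printf '%s\n' "$NUMSAVE"
}

# Succeeds only for a plain decimal number between 1 and $2.
valid_choice() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;    # empty line or any non-digit character
    esac
    [ "${#1}" -le 4 ] || return 1   # keep the value inside integer range
    [ "$1" -ge 1 ] && [ "$1" -le "$2" ]
}

# Keeps asking until the answer is valid. On EOF it returns non-zero, and the
# caller must treat that as "stop", not as "boot without a save file".
choose_save() {
    while IFS= read -r answer; do
        if valid_choice "$answer" "$1"; then
            printf '%s\n' "$answer"
            return 0
        fi
    done
    return 1
}

# Constructed key presses: "abc", Enter alone, "&", "0", "9", then "2".
sample=$(printf 'abc\n\n&\n0\n9\n2')
echo "thread loop accepts:   '$(printf '%s\n' "$sample" | thread_loop 3)'"
echo "hardened loop accepts: '$(printf '%s\n' "$sample" | choose_save 3)'"
```

As the replies in this thread point out, this only hardens the menu itself: pfix=ram at the boot prompt or editing menu.lst from another machine still bypasses it.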
proebler wrote: Acknowledged: There is no absolute security.
I hope that my reasoning is reasonable

Yes, perfectly reasonable. Some people go into issues like this thinking they have a perfect solution. There is no perfect solution.
As long as a person is aware of the amount of risk (in this case small), they can manage it in whatever way they feel is acceptable.
As long as you are happy with your solution and understand its limits, that's all that matters.