On Saturday, 07-Sep-2002, I've made test runs with RC1. First, clean install of 8.2 and upgrade to 9.0 RC1. Second, clean install of 9.0 RC1 from scratch.
My home machine info can be found here:
<http://olo.office.altkom.com.pl/domowa/qa/mandrake/9.0/rc1/home_machine/>
machine.html describes hardware specs.

I've found several problems that I'm going to describe in separate mails on this list.

-=======================-

Problem 1: Bootloader installation vs. "restrict" and "password" options in lilo.conf

Full details, HTML version of this report here:
<http://olo.office.altkom.com.pl/domowa/qa/mandrake/9.0/rc1/home_machine/problems/lilo_restrict_option/info.html>

-===========-

Bootloader installation during upgrade vs. "restricted" and "password" options

The bug I had reported earlier on cooker mailing list (subject: "9.0 beta 4: doesn't upgrade from 8.2 properly") hasn't actually been fixed. I've tried upgrading from a clean installation of Mandrake 8.2, where I had inserted the "restricted" and "password" options in the global section.

Before the upgrade, beginning of my lilo.conf <http://olo.office.altkom.com.pl/domowa/qa/mandrake/9.0/rc1/home_machine/problems/lilo_restrict_option/lilo.conf> looked like this (the lines I've manually inserted are in *bold*):

    boot=/dev/hda
    map=/boot/map
    install=/boot/boot.b
    vga=normal
    default=linux
    keytable=/boot/pl.klt
    lba32
    prompt
    nowarn
    *restricted*
    *password=123456*
    timeout=100
    message=/boot/message
    menu-scheme=wb:bw:wb:bw
    ignore-table
    image=/boot/vmlinuz
        label=linux
        root=/dev/hda7
        initrd=/boot/initrd.img
        append="quiet devfs=mount"
        vga=788
        read-only

The only change in behaviour between installers in 8.2 and earlier 9.0 betas and supposedly fixed in RC1, is that I can see a different error message: previously, it had been "Passwords do not match" (screenshot and beta4 report here <http://olo.office.altkom.com.pl/domowa/qa/mandrake/9.0/beta4/upgrade_8.2-beta4/lilo_password/>), now it is "Option "Restrict command line options" is of no use without a password."
(screenshot here <http://olo.office.altkom.com.pl/domowa/qa/mandrake/9.0/rc1/home_machine/problems/lilo_restrict_option/33.png>)

As seen on this <http://olo.office.altkom.com.pl/domowa/qa/mandrake/9.0/rc1/home_machine/problems/lilo_restrict_option/32.png> screenshot, there's no user interface for toggling the global "restricted" option, nor any input field for the value of the global "password" option. The only way to continue with installation is to cancel the bootloader installation step!

My suggestion is that there are two possible fixes:

* the easier one: make installer completely ignore the "restrict" and "password" options if they are present in global section of lilo.conf
* the harder one, but more correct: provide a user interface to control those two options.

Implementing a user interface for those options would require two more widgets in the dialog box depicted on this <http://olo.office.altkom.com.pl/domowa/qa/mandrake/9.0/rc1/home_machine/problems/lilo_restrict_option/32.png> screenshot:

1. a single checkbox with a caption "Restrict passing arguments to kernel" that would be checked by default if the user had chosen "Higher" or "Paranoid" security level earlier in the installation. Of course, the whole dialog should be opened in advanced, not basic mode, when entering this installation step, if the security mode is "Higher" or "Paranoid", so that proper widgets are visible to the user.
2. a password textbox that would be editable only when the preceding checkbox is checked.

When the user clicks OK to confirm the bootloader global settings, a check is made whether a password has been supplied when, /and only when/, "Restrict passing arguments to kernel" checkbox is checked, and if the password is empty, it shows a messagebox that is currently shown always: "Option "Restrict command line options" is of no use without a password."
If the chosen security level is "Higher" or "Paranoid", and the user turned "Restrict passing arguments to kernel" off, a dialogbox is shown: "Your security level is $insert_sec_level_here. It is recommended that you restrict passing arguments to kernel with a password, or else someone with physical access to your machine will be able to reboot into single user mode, bypassing all security access checks. He will have root access without a password. What is your decision?" and then two buttons:

    Go back to turn on "restricted" option and enter password
    Continue without protection with "restricted" option

If you decide to implement this feature, here are translations of the messages to Polish (encoded in ISO-8859-2):

English: Restrict passing arguments to kernel
Polish:  Ogranicz przekazywanie argumentów do jądra

English: Password
Polish:  Hasło

English: Your security level is $insert_sec_level_here. It is recommended that you restrict passing arguments to kernel with a password, or else someone with physical access to your machine will be able to reboot into single user mode, bypassing all security access checks. He will have root access without a password. What is your decision?
Polish:  Twój wybrany poziom bezpieczeństwa to $insert_sec_level_here. Jest zalecane, abyś ograniczył/ograniczyła przekazywanie argumentów do jądra. W przeciwnym razie osoba z fizycznym dostępem do maszyny będzie mogła zrestartować ją w trybie jednego użytkownika, obchodząc wszystkie zabezpieczenia. Będzie mieć dostęp na poziomie roota, bez potrzeby podawania hasła. Co chcesz zrobić?

English: Go back to turn on "restricted" option and enter password
Polish:  Powrócić i włączyć ograniczenie przekazywania argumentów oraz podać hasło

English: Continue without protection with "restricted" option
Polish:  Kontynuować bez tej ochrony

-- 
Olo
GG#: 274614
ICQ UIN: 19780575
http://olo.office.altkom.com.pl
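
Added example, not part of the original message and not the installer's own code: a Python sketch of the two checks the message proposes, run against the global section of a lilo.conf. The function names, the constructed sample files and the handling of whole-line comments only are assumptions made for illustration.

```python
# Added example: global-section check for lilo.conf (hypothetical helper names).
STRICT_LEVELS = {"Higher", "Paranoid"}  # security levels named in the message

# Constructed samples, based on the lilo.conf excerpt quoted in the message.
SAMPLE_FROM_MESSAGE = """\
boot=/dev/hda
prompt
restricted
password=123456
timeout=100
image=/boot/vmlinuz
    label=linux
"""
# Same file with the global password removed; a per-image one must not count.
SAMPLE_NO_PASSWORD = """\
boot=/dev/hda
prompt
restricted
image=/boot/vmlinuz
    label=linux
    password=per-image-only
"""

def parse_global_section(text):
    """Return {option: value or None} for lines before the first image=/other=."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # whole-line comments only
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if key in ("image", "other"):          # per-image sections start here
            break
        options[key] = value.strip() if sep else None
    return options

def check_bootloader_options(text, security_level=None):
    """Apply the two checks proposed in the message; return a list of findings."""
    opts = parse_global_section(text)
    restricted = "restricted" in opts
    findings = []
    if restricted and not opts.get("password"):
        findings.append('Option "Restrict command line options" '
                        'is of no use without a password.')
    if not restricted and security_level in STRICT_LEVELS:
        findings.append(f"Security level is {security_level} but "
                        "'restricted' is not set in the global section.")
    return findings
```

The first finding is raised only when "restricted" is present, which is the "and only when" condition from the message; the second corresponds to the proposed warning dialog for the "Higher" and "Paranoid" levels.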