Re: [POSSIBLE GRAVE SECURITY HOLD]
- To: Martijn van Oosterhout <kleptog@cupid.suninternet.com>
- Cc: Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, "Huneycutt, Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Re: [POSSIBLE GRAVE SECURITY HOLD]
- From: Samuel Tardieu <sam@debian.org>
- Date: Wed, 2 Feb 2000 13:45:01 +0100
- Message-id: <2000-02-02-13-45-01+trackit+sam@debian.org>
- Reply-to: Samuel Tardieu <sam@debian.org>
- In-reply-to: <389823E6.37B56639@cupid.suninternet.com>; from kleptog@cupid.suninternet.com on Wed, Feb 02, 2000 at 11:32:38PM +1100
- References: <2000-02-02-11-38-12+trackit+sam@debian.org> <389823E6.37B56639@cupid.suninternet.com>
| Err, there is a mistake here somewhere. If you are getting 1FA at the
| boot
| prompt then lilo is *NOT* in the MBR. If it were you would get the lilo
| prompt.
Have you read my mail? If you install Debian with default settings, you will
have a MBR installed in the MBR, not lilo (lilo will be installed on your /
partition).
On the contrary with the MBR found on other systems (M$, *BSD, ...), this one
allows the user to press "shift" at boot time: instead of giving lilo a chance
to start, it will allow the user to boot on the floppy disk.
| OTOH, if you have physical access to the machine is there really any
| security?
Once again, reread my mail: our machines are physically secured, and the
chances that they are physically breaked in are very low (this would imply
breaking the whole box, and we have cameras and guards looking at them).
However, with this MBR in place, some students did manage to boot on a floppy
and this got unnoticed.
Reply to: