[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [POSSIBLE GRAVE SECURITY HOLD]

Joseph Carter <knghtbrd@debian.org> writes:

> [1  <text/plain; us-ascii (quoted-printable)>]
> On Wed, Feb 02, 2000 at 11:32:38PM +1100, Martijn van Oosterhout wrote:
> > Err, there is a mistake here somewhere. If you are getting 1FA at the
> > boot prompt then lilo is *NOT* in the MBR. If it were you would get the
> > lilo prompt.
> 
> Why not?  If I hold down the wrong key too soon in the boot process, I get
> a 3FA: prompt.  I press enter and get lilo as normal.
> 
> It's not a virus or a security concern.  Similar prompts happen on similar
> machines lots.  No two machines seem to have the same "strange" prompt.

The prompt is printed by the MBR that is installed as part of the mbr
Debian package (or by the boot floppies).  If you install LILO in the
MBR (using boot=/dev/hda instead of boot=/dev/hda1) you wont see this
prompt, because you overwrote the code that produced it.

See /usr/share/doc/mbr/README on what the prompt means and why it is
different on different machines.

I do agree, however, that it is not a security hole.  If someone wants 
to make the console secure, they would have to modify lilo.conf
anyway, and so could change the boot= line as well.

	- Ruud de Rooij.
-- 
ruud de rooij | *@spam.ruud.org | http://ruud.org | http://weer.moonblade.net
Reply to: