Re: [POSSIBLE GRAVE SECURITY HOLD]

[Pierre Beyssac <beyssac@enst.fr>]

On Wed, Feb 02, 2000 at 02:13:50PM +0100, Ruud de Rooij wrote:
> I do agree, however, that it is not a security hole.  If someone wants 
> to make the console secure, they would have to modify lilo.conf
> anyway, and so could change the boot= line as well.

You miss the point. That this can be fixed by configuration doesn't
mean it's not a security hole in the first place.

The security hole is that the console is made insecure by default
without any warning from the installation program. That, in itself,
would warrant a security advisory.

Almost everybody knows about how to secure Lilo by putting a
password; I did know that, even though I'm not a Linux specialist.
For people who don't know, there is a clear "LILO" prompt that
warns them that it might be possible for someone to tamper with
the configuration by typing something. Lilo is installed by default,
so "man lilo" and be enlightened.

On the other hand, nobody knows that you ALSO have to edit the
boot= line in lilo.conf to remove the dangerous MBR.

Now that we are talking about the problem, everybody seems to know
that as obvious. But was it so before this discussion came up?
I sincerely doubt it.

Because the dangerous MBR displays no prompt whatsoever unless you
press the SHIFT key at the right time. And if you try "man install-mbr"
or "man mbr" after boot, you're out of luck because even though it
has been installed on your boot block, you don't have the docs
available unless you know what you're looking for.

In summary, you can't reasonnably know how you're at risk unless
you _already_ know how you're at risk. Great help. Sorry, but that's
not what I call security.
-- 
Pierre Beyssac		pb@enst.fr