
Re: [POSSIBLE GRAVE SECURITY HOLD]



On Wed 02 Feb 2000, Samuel Tardieu wrote:

> Have you read my mail? If you install Debian with default settings, you will
> have a MBR installed in the MBR, not lilo (lilo will be installed on your /
> partition).

In my experience I get asked if I want to install a boot loader in the
MBR when installing Debian; it doesn't get done automatically.

> | OTOH, if you have physical access to the machine is there really any
> | security?
> 
> Once again, reread my mail: our machines are physically secured, and the
> chances that they are physically broken into are very low (this would imply
> breaking the whole box, and we have cameras and guards looking at them).
> However, with this MBR in place, some students did manage to boot on a floppy
> and this went unnoticed.

Those cameras were switched off and the guards were sleeping while the
students were inserting floppies and rebooting the system, I guess?
This is *not* what one would call "physically secured". The machines
need to sit in a locked room.  If students need physical access to the
systems for some reason, remove the floppy drive (as suggested already).

OTOH, if you're so paranoid, why not just install lilo into the MBR?
You have special requirements, so why not cater for them? It's pretty
simple to do so.

Paul Slootman
-- 
home:       paul@wurtel.demon.nl http://www.wurtel.demon.nl/
work:       paul@murphy.nl       http://www.murphy.nl/
debian:     paul@debian.org      http://www.debian.org/
isdn4linux: paul@isdn4linux.de   http://www.isdn4linux.de/

