Re: [POSSIBLE GRAVE SECURITY HOLD]
- To: John Goerzen <jgoerzen@complete.org>
- Cc: Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, "Huneycutt, Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Re: [POSSIBLE GRAVE SECURITY HOLD]
- From: Pierre Beyssac <beyssac@enst.fr>
- Date: Wed, 2 Feb 2000 18:18:55 +0100
- Message-id: <20000202181855.H50448@enst.fr>
- In-reply-to: <873drby1na.fsf@erwin.complete.org>; from John Goerzen on Wed, Feb 02, 2000 at 11:06:49AM -0600
- References: <2000-02-02-11-38-12+trackit+sam@debian.org> <87vh47k3v1.fsf@erwin.complete.org> <20000202175255.E50448@enst.fr> <873drby1na.fsf@erwin.complete.org>
On Wed, Feb 02, 2000 at 11:06:49AM -0600, John Goerzen wrote:
> Your attempt to take my argument to the logical extreme has failed. I
> suggest that we should make the system as secure as possible while
> keeping it usable.
And my answer is that your argument is flawed in that particular
case.
I'd like to know what your answer to the following questions is:
- what is the purpose, in terms of system usability, of
this MBR, other than bypassing BIOS and Lilo controls,
which hardly qualifies by my book?
- what function(s) of this MBR, enhancing system usability,
cannot be accomplished using the BIOS configuration and/or
Lilo?
- what is the purpose, in terms of system usability, of
NOT EXPLICITLY DOCUMENTING that behaviour in the install
process?
- what is the purpose, in terms of system usability, of
not issuing an advisory to warn vulnerable sites?
> The precise definition of this varies from site to
> site. Some people IRC as root, which is a terrible idea as far as I'm
> concerned.
But their system is sooooo much more usable. That's how some novice
Linux users do, after all.
--
Pierre Beyssac pb@enst.fr
Reply to: