
Re: [POSSIBLE GRAVE SECURITY HOLD]



Pierre Beyssac <beyssac@enst.fr> writes:

> On Wed, Feb 02, 2000 at 12:04:16PM -0600, John Goerzen wrote:
> > The purpose of this MBR is the same as that of any MBR.
> 
> Funny, you edited out my question about why _THIS_ MBR allows you
> to choose to boot from a floppy. Does the logical answer disturb
> you, perhaps?

No, it's irrelevant.  It is not the MBR that is making things insecure.
It's YOU (or the relevant admin).

> If I read the above correctly, you agree with me, then, that _THIS_
> MBR should be replaced with a regular, less-featured MBR.

I personally don't care as I run an Alpha :-)

However I think it is a very poor argument to remove something because
it has features that an inexperienced admin could misuse.  Virtually
everything in the distro is like that.

> > Which would mean that anybody without an MBR already on their system
> > would not get a bootable machine.  Bad idea.
> 
> Either you can't read or you're trying to make me look like an idiot.

Nobody has yet mentioned a suitable alternative.

> No: that means Lilo's MBR would be installed instead by default.
> _That_ is the reasonable choice. You implicitly admitted this
> at the top.

No, I didn't.  The weakness of this is that you can only change the
partitions to boot from within Linux.  If Linux is not bootable or
deleted, you're stuck.  This is not acceptable.

-- 
John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
----------------------------------------------------------------------------+
The 464,750th digit of pi is 5.

