
Re: [POSSIBLE GRAVE SECURITY HOLD]



Pierre Beyssac <beyssac@enst.fr> writes:

> > No, it's irrelevant.  It is not MBR that is making things insecure.
> > It's YOU (or the relevant admin).
> 
> Note that you can even extend your argument by saying that serious

You can if you want, but that's incorrect.

> admins run only programs for which they have read, understood and
> possibly corrected the source code. Reading the doc is not enough:
> some features can be undocumented, poorly documented or wrongly
> documented.

I suggest that any good admin will understand the workings of the
software on his machine, and we cannot be responsible if the admin is
negligent in this regard.

> 
> So, trying to fix security bugs in a default installation is totally
> pointless if I understand you right, since the competent admin will
> fix that because he knows Everything.

The competent admin reads documentation.  He is no superhuman
creature, but has common sense.  If you think I am trying to say that
the competent admin knows everything, you are misunderstanding what I
am saying.

> So Debian is a distribution geared for people who know Everything
> and have the time to read and understand all the sources. See, I'm
> beginning to understand how you see things.

Any distribution -- of any OS -- is geared for people that read the
information and documentation presented them.

> > However I think it is a very poor argument to remove something because
> > it has features that an inexperienced admin could misuse.
> 
> The point is about removing uselessly duplicate features. Who uses
> the floppy boot feature of this MBR? Nobody. Who can be fucked by
> this feature? A lot of people.

Granted, the scenario for needing MBR to boot from a floppy does not
occur with significant frequency.  

> > Virtually everything in the distro is like that.
> 
> Yes, that's called creeping featurism. This is generalized on toy
> operating systems. And this particular case is an obvious case of
> needless duplicate features. Since this makes the source code grow,

No, it doesn't, as the MBR has had a fixed size limit ever since
MS-DOS 2.0 in the early 1980s.

This whole tangent, BTW, is wholly irrelevant to the topic at hand.

-- 
John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
----------------------------------------------------------------------------+
The 494,522nd digit of pi is 0.

