Re: [POSSIBLE GRAVE SECURITY HOLD]
Nils Jeppe <nils@jeppe.de> writes:
> 1) who the heck thinks of checking the MBR documentation? I'd never even
> suspect it behaves any different than os/2 mbr, win mbr, whatnot mbr.
The fact that there's a box now :-_)
> 2) Even if the majority agrees to keep mbr as a default installation,
> Where the hell is it gonna hurt anybody if you get a popup upon setting up
> mbr that says something to the effect of, "MBR makes it possible to boot
> from floppy; please check /usr/share/doc/mbr/whatever.txt for more
> information." ?!?
I have actually suggested a similar approach.
> Yes the mbr problem doesn't affect most debian users, I presume. But what
> frightens me MUCH more is the attitude some are displaying here.
>
> "Sure, here's an insecure default. Why, you could've Read The Fucking
> Manual and fixed it. We don't care, it's your problem."
It is NOT an insecure default. It is being used in an insecure way.
We install LILO without a password by default. Do you claim that's
insecure? If so, do you really think using a bootup password for LILO
is appropriate, given that this would break needs for servers? If
not, what's so different about this?
--
John Goerzen Linux, Unix consulting & programming jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade) www.debian.org |
----------------------------------------------------------------------------+
The 734,115th digit of pi is 4.