
Re: [POSSIBLE GRAVE SECURITY HOLD]



On Wed, Feb 02, 2000 at 03:02:57PM +0100, Paul Slootman wrote:
> On Wed 02 Feb 2000, Samuel Tardieu wrote:
> 
> > Have you read my mail? If you install Debian with default settings,
> > you will have an MBR installed in the MBR, not lilo (lilo will be
> > installed on your / partition).
>
> In my experience I get asked if I want to install a boot loader in the
> MBR when installing debian; it doesn't get done automatically.

true.

> > | OTOH, if you have physical access to the machine is there really
> > | any security?
> >
> > Once again, reread my mail: our machines are physically secured, and
> > the chances that they are physically broken into are very low (this
> > would imply breaking the whole box, and we have cameras and guards
> > looking at them).  However, with this MBR in place, some students
> > did manage to boot on a floppy and this got unnoticed.
>
> Those cameras were switched off and the guards were sleeping while the
> students were inserting floppies and rebooting the system, I guess?

irrelevant. it takes two minutes to boot a system - you can't expect
100% attention from any monitoring procedures...certainly not in a
student lab (i.e. dozens of screens to be watched) where there is
neither a) extreme security requirements nor b) huge budgets for guards.

even where a site can and does have 100% attentive guards, it is still
desirable to minimise the number of things that those guards have to
watch out for.

> This is *not* what one would call "physically secured". The machines
> need to sit in a locked room.  If students need physical access to
> the systems for some reason, remove the floppy drive (as suggested
> already).

that's a very poor response.

IMO, the correct solution is for the installer script to pop up a dialog
box immediately after it asks whether to install MBR or not.  That
dialog box should give a brief summary of the potential floppy security
hole, and ask whether MBR should be installed with or without the floppy
boot option.

if the user says yes, then install MBR with the floppy-enabled option.
if "No", then install with floppy-disabled option.

a simple, easily implemented solution which should satisfy everyone.


btw, a floppy is useful for a student to be able to take their work away
with them (e.g. to work on it at home), so removing all floppy drives
from all machines is not necessarily a good option.

> OTOH, if you're so paranoid, why not just install lilo into the MBR?
> You have special requirements, so why not cater for them? It's pretty
> simple to do so.

it's pretty simple to support his needs in the installer script too.  even
more importantly, it's simple to support his needs without harming anyone
else's needs - i.e. it adds a new feature without taking away anything.

craig

PS: who cares what the default is, as long as there's an option to have
it either way? let's not spend 3 months debating which option makes a
better default.

--
craig sanders
