Re: Securing a Debian machine
>>"Michael" == Michael Stone <mstone@debian.org> writes:
Michael> On Wed, Feb 02, 2000 at 12:11:29PM -0500, James A. Treacy wrote:
>> I propose we do the following:
>> - leave mbr as it currently stands. Most users are worried about
Michael> Why would we do that? I have yet to see anyone justify why
Michael> mbr is good for a default install (rather than as an
Michael> optional package.) Even leaving the security issue alone,
Michael> the 2FA: prompt is confusing for people who hit shift in
Michael> hopes of seeing a lilo: prompt.
You want justification? Well, someone rebooted a computer
without rerunning LILO, and having had installed a SCSI disk. The
machine stopped with the MBR prompt; and the floppy option saved our
butts. It was a lifesaver; since we were in a timefcritical Demo
scenario.
The MBR features are just that: features, and some of us like
them the way they are. Most installations are happy with lower
security than requiring the floppy bott be disabled, and for these
folks this is a feature that can be useful.
Since we should be targetting the defaults for the most common
case anyway, I say that the current MBR is justified.
manoj
--
I went to my mother and told her I intended to commence a different
life. I asked for and obtained her blessing and at once commenced
the career of a robber. Tiburcio Vasquez
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: