
Re: [POSSIBLE GRAVE SECURITY HOLD]



>>"Pierre" == Pierre Beyssac <beyssac@enst.fr> writes:

 Pierre> On Wed, Feb 02, 2000 at 12:21:26PM -0600, John Goerzen wrote:
 >> > Funny, you edited out my question about why _THIS_ MBR allows you
 >> > to choose to boot from a floppy. Does the logical answer disturb
 >> > you, perhaps?
 >> 
 >> No, it's irrelevant.  It is not MBR that is making things insecure.
 >> It's YOU (or the relevant admin).

 Pierre> Note that you can even extend your argument by saying that serious
 Pierre> admins run only programs for which they have read, understood and
 Pierre> possibly corrected the source code. Reading the doc is not enough:
 Pierre> some features can be undocumented, poorly documented or wrongly
 Pierre> documented.

 Pierre> So, trying to fix security bugs in a default installation is totally
 Pierre> pointless if I understand you right, since the competent admin will
 Pierre> fix that because he knows Everything.

 Pierre> So Debian is a distribution geared for people who know Everything
 Pierre> and have the time to read and understand all the sources. See, I'm
 Pierre> beginning to understand how you see things.


        I couldn't have put it better.


 >> However I think it is a very poor argument to remove something because
 >> it has features that an inexperienced admin could misuse.

 Pierre> The point is about removing uselessly duplicate features. Who uses
 Pierre> the floppy boot feature of this MBR? Nobody. Who can be fucked by
 Pierre> this feature? A lot of people.

        I disagree. I guess about 90% of the users do not try to
 secure machines without physical security, and that is a very
 conservative estimate. For most installations, bypassing LILO and the
 BIOS can be a lifesaver.

        For the rest, I would suspect the forthcoming Securing Debian
 document would be enough.

        For the fraction of 1% of idiots who won't read docs when
 trying to get a high security machine, I say they deserve what they
 get. 

 >> Virtually everything in the distro is like that.

 Pierre> Yes, that's called creeping featurism. This is generalized on
 Pierre> toy operating systems. And this particular case is an obvious
 Pierre> case of needless duplicate features. Since this makes the
 Pierre> source code grow, you obviously make the task more difficult
 Pierre> for the serious people who read all the code they
 Pierre> install. And by the way, that's the opposite of security.

        Needless is your characterization. It is certainly not mine. I
 call it another line of backup. 
 

        manoj       
-- 
 Hanging on in quiet desperation is the English way. Pink Floyd
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

