Re: [POSSIBLE GRAVE SECURITY HOLD]
>>"Pierre" == Pierre Beyssac <beyssac@enst.fr> writes:
Pierre> On Wed, Feb 02, 2000 at 12:21:26PM -0600, John Goerzen wrote:
>> > Funny, you edited out my question about why _THIS_ MBR allows you
>> > to choose to boot from a floppy. Does the logical answer disturb
>> > you, perhaps?
>>
>> No, it's irrelevant. It is not MBR that is making things insecure.
>> It's YOU (or the relevant admin).
Pierre> Note that you can even extend your argument by saying that serious
Pierre> admins run only programs for which they have read, understood and
Pierre> possibly corrected the source code. Reading the doc is not enough:
Pierre> some features can be undocumented, poorly documented or wrongly
Pierre> documented.
Pierre> So, trying to fix security bugs in a default installation is totally
Pierre> pointless if I understand you right, since the competent admin will
Pierre> fix that because he knows Everything.
Pierre> So Debian is a distribution geared for people who know Everything
Pierre> and have the time to read and understand all the sources. See, I'm
Pierre> beginning to understand how you see things.
I couldn't have put it better.
>> However I think it is a very poor argument to remove something because
>> it has features that an inexperienced admin could misuse.
Pierre> The point is about removing uselessly duplicate features. Who uses
Pierre> the floppy boot feature of this MBR? Nobody. Who can be fucked by
Pierre> this feature? A lot of people.
I disagree. I guess about 90% of the users do not try to
secure machines without physical security, and that is a very
conservative estimate. For most installations, bypassing LILO and the
BIOS can be a lifesaver.
For the rest, I would suspect the forthcoming Seciring Debian
document would be enough.
For the fraction of 1% of idiots who won't read docs when
trying to get a high security machine, I say the deserve what they
get.
>> Virtually everything in the distro is like that.
Pierre> Yes, that's called creeping featurism. This is generalized on
Pierre> toy operating systems. And this particular case is an obvious
Pierre> case of needless duplicate features. Since this makes the
Pierre> source code grow, you obviously make the task more difficult
Pierre> for the serious people who read all the code they
Pierre> install. And by the way, that's the opposite of security.
Needless is your characterization. It is certainly not mine. I
call it another line of backup.
manoj
--
Hanging on in quiet desperation is the English way. Pink Floyd
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: