
Re: [POSSIBLE GRAVE SECURITY HOLD]



On Wed, Feb 02, 2000 at 08:48:58PM -0600, Manoj Srivastava wrote:
[..]
> 
>         Any site that requires full protection against potentially
>  hostile users is supposed to have sysadmins who have a clue. So, we
>  should just document the MBR, let the clueful sysadmins do their
>  job, and not make life harder for most installations.
> 
>  Samuel>   [2] No warning is given at all during the installation that this MBR
>  Samuel>       has extra features
> 
>         No warning is given during installs that LILO does not have a
>  password. I say add the MBR issue to the Security HOWTO, and move on.
> 

I don't quite understand why we are still "fighting"; everybody seems to
agree that there is some lack of documentation. And that's all.

For an `amateur', or a non-wizard sysadmin, the MBR is obviously something
with the same features as other MBRs, or, possibly, something related to
LILO. I hardly discovered the documentation about the mbr; I thought
it was redundant with the LILO documentation.

I have discovered two things linked to this thread:

- Debian's MBR is something special with, possibly, very interesting
features: something that seems powerful;
- but, like anything powerful, it can introduce security holes if you are
not aware of it, in some special cases (you must allow rebooting or booting,
so you can't put the password in the setup, but you must control the boot
sequence).

The default used by Debian is a separate discussion. There is no problem if
it is made obvious that there are special features that must be known.

So, like a lot of people have said, just add a warning: "Be careful: the
MBR installed has some extra features that make it powerful, but
possibly dangerous if misconfigured. Please DO read the documentation here
<pointer>."

And IMHO that will be enough...

The worst thing in this case is not the security hole (yes, indeed, only in
some special cases, but it remains one). The worst thing is that I have
something possibly useful, and I don't know about it...
-- 
Thierry LARONDE <thierry.laronde@polynum.com>
website : http://www.polynum.com
/home du SDF (Site Debian Francophone) : http://www.polynum.com/debian