Re: [POSSIBLE GRAVE SECURITY HOLD]
- To: tom@hunt184-80.optonline.net
- Cc: Adam Di Carlo <adam@onshore.com>, John Goerzen <jgoerzen@complete.org>, quinot@infres.enst.fr, Pierre Beyssac <beyssac@enst.fr>, Samuel Tardieu <sam@debian.org>, "Huneycutt,Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Re: [POSSIBLE GRAVE SECURITY HOLD]
- From: Raul Miller <moth@debian.org>
- Date: Thu, 3 Feb 2000 16:06:29 -0500
- Message-id: <20000203160629.A6734@usatoday.com>
- In-reply-to: <20000203155718.15155.qmail@rei.onegeek.org>; from tom@hunt184-80.optonline.net on Thu, Feb 03, 2000 at 03:57:18PM -0000
- References: <87vh47i28b.fsf@erwin.complete.org> <200002030030.SAA00851@cafe.onshore.com> <20000203001853.B5746@usatoday.com> <20000203155718.15155.qmail@rei.onegeek.org>

In tom.lists.debian-devel, you wrote:
> > After all, with a boot prompt, the student could get root access using
> > init=/bin/sh [Oh, wait, then that would be a "grave" bug in lilo..]

On Thu, Feb 03, 2000 at 03:57:18PM -0000, tom@hunt184-80.optonline.net wrote:
> Actually, not really. Lilo has two options ("restricted" and
> "password=") that, used together, allow the system to be booted
> without giving the user the ability to change the kernel command
> line. (Making lilo unreadable by users is a must so that they can't
> find out the password.)

Likewise, MBR has an option to prevent the boot prompt from being
functional.

I agree that there's a documentation issue here, by the way.

--
Raul
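
A check for the setup described in the quoted reply, as an added example that is not part of the original thread: it reports which image=/other= entries of a lilo.conf are covered by "password=" and "restricted" (set globally or per image), and whether the file is readable by anyone but its owner. The /etc/lilo.conf path, the function names and the sample configuration are assumptions made for illustration.

```python
import os
import stat

def classify_images(conf_text):
    """Map each image=/other= entry to its boot-prompt protection level."""
    global_opts, images, current = set(), {}, None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments (simplified parsing)
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key in ("image", "other"):            # start of a per-image section
            current = images.setdefault(value.strip(), set())
        elif key in ("password", "restricted"):
            (global_opts if current is None else current).add(key)
    result = {}
    for name, opts in images.items():
        eff = opts | global_opts                 # global settings apply to every image
        result[name] = ("unprotected" if "password" not in eff
                        else "restricted" if "restricted" in eff
                        else "password-every-boot")
    return result

def readable_by_non_owner(mode):
    """True if group or other can read a file with these mode bits."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))

def audit(path="/etc/lilo.conf"):
    """Findings for a file on disk; the default path is an assumption."""
    with open(path) as fh:
        status = classify_images(fh.read())
    findings = [f"{name}: kernel command line can be changed at the boot prompt"
                for name, s in status.items() if s == "unprotected"]
    has_password = any(s != "unprotected" for s in status.values())
    if has_password and readable_by_non_owner(os.stat(path).st_mode):
        findings.append(f"{path}: password is readable by non-owners")
    return findings

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
prompt
image=/vmlinuz
  password=example-only
  restricted
image=/vmlinuz.old
"""

if __name__ == "__main__":
    print(classify_images(SAMPLE))
```

"password-every-boot" marks an entry that has a password but no "restricted": the password is then asked for on every boot of that image, not only when parameters are typed at the prompt.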