Re: SECURITY PROBLEM: autofs [all versions]

To: debian-devel@lists.debian.org
Cc: journey@jps.net
Subject: Re: SECURITY PROBLEM: autofs [all versions]
From: ressu@uusikaupunki.fi (Sami Haahtinen)
Date: Sat, 1 Jul 2000 22:13:59 +0300
Message-id: <[🔎] 20000701221359.B3679@zanaga.uusikaupunki.fi>
Mail-followup-to: debian-devel@lists.debian.org, journey@jps.net
In-reply-to: <[🔎] 20000701091141.A19485@jps.net>; from journey@jps.net on Sat, Jul 01, 2000 at 09:11:41AM -0700
References: <395D40C7.576B8AC8@aet-usa.com> <Pine.LNX.3.96.1000630215055.25078A-100000@Maggie.Linux-Consulting.com> <[🔎] 20000701091141.A19485@jps.net>

On Sat, Jul 01, 2000 at 09:11:41AM -0700, Erik wrote:
> > anytime someone has physical access to the machine...
> > you already have a security problem.... ( my definition )
> > 
> many people run labs of compupters, in which they need
> as much physical security as possible.  And dont say just reboot
> off of a floppy, cuz any decent lab will have the bios password
> protected, and boots directly from the HD without trying the
> floppy or CD.

How about a simple debconf question for those who want to allow suid
executables by default (why would anyone want to do that?) by default,
nosuid would be used.

> That was the problem discussed with MBR awhile back, that it gave the
> option of booting from something else anyways, but that, like this is
> considered something the admin should be informed of, but not done
> for them(i guess this might get done).

heh, this has been 'exploited' a few times, due to forgotten bios
password. =)

Regards, Sami Haahtinen

Reply to:

References:
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: journey@jps.net (Erik)

Prev by Date: Re: seeking a roving reporter for DWN at zeroth conference
Next by Date: non-installable binaries in main (was Re: busybox_0.45-1_i386.changes REJECTED)
Previous by thread: Re: SECURITY PROBLEM: autofs [all versions]
Next by thread: Re: SECURITY PROBLEM: autofs [all versions]
Index(es):
- Date
- Thread