Re: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.

To: Debian Boot Disks <debian-boot@lists.debian.org>
Subject: Re: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
From: Tapio Lehtonen <tale@iki.fi>
Date: Wed, 2 Feb 2000 11:16:33 +0200
Message-id: <[🔎] 20000202111633.B14989@iki.fi>
Reply-to: tapio.lehtonen@iki.fi
In-reply-to: <[🔎] 20000201182948.C5FD72AB3B@melchior.cuivre.fr.eu.org>; from thomas@cuivre.fr.eu.org on Tue, Feb 01, 2000 at 07:29:48PM +0100
References: <[🔎] 20000201182948.C5FD72AB3B@melchior.cuivre.fr.eu.org>

On Tue, Feb 01, 2000 at 07:29:48PM +0100, Thomas Quinot wrote:
> Package: boot-floppies
> Version: 2.2.5
> Severity: critical
> 
> During installation, boot-floppies set up a MBR using /sbin/install-mbr.
> The installed mbr allows user to boot from a floppy by pressing any
> key, then typing "F" at the prompt. Any password protection or

Does this mean, that a Debian system starts to boot from hard disk,
but at the lilo prompt it is possible to press "F" and get it to boot
from floppy? Is it really so? 

Otherwise I don't think the problem exists, if the BIOS is setup so
that it does not boot from floppy or CD-ROM, it's not possible to get
root access using own boot media. 

-- 
Tapio Lehtonen
Tapio.Lehtonen@IKI.FI
PGP public key from http://www.iki.fi/Tapio.Lehtonen

Attachment: pgpIX_pHNVCzP.pgp
Description: PGP signature

Reply to:

References:
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>

Prev by Date: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Next by Date: [i18n] finduntranslated.pl
Previous by thread: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Next by thread: Bug#56821: marked as done (mbr allows booting from floppy; wish for option to bypass mbr)
Index(es):
- Date
- Thread