Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Pierre Beyssac wrote:
> So essntially the user has access to a keyboard and screen and a
> floppy disk drive, nothing more, but they still can tamper with
> the system configuration by using this feature of the MBR we were
> previously unaware of to boot a floppy disk of their own.
>
> We have removed this MBR so this hole is plugged; the problem is
> that it's part of the default Debian installation without any
> warning about its possibly harmful consequences.
I hope you have password protected your bios, and lilo too, or you're still
vunerable.
--
see shy jo, in New York
Reply to: