Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.

To: Pierre Beyssac <beyssac@enst.fr>, 56821@bugs.debian.org
Subject: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
From: Joey Hess <joeyh@debian.org>
Date: Wed, 2 Feb 2000 00:34:42 -0500
Message-id: <[🔎] 20000202003442.D852@kitenet.net>
Reply-to: Joey Hess <joeyh@debian.org>, 56821@bugs.debian.org
In-reply-to: <[🔎] 20000201235450.A37801@enst.fr>; from beyssac@enst.fr on Tue, Feb 01, 2000 at 11:54:50PM +0100
References: <[🔎] 20000201182948.C5FD72AB3B@melchior.cuivre.fr.eu.org> <[🔎] 20000201141756.A7238@visi.net> <[🔎] 20000201225548.B29296@cuivre.fr.eu.org> <[🔎] 20000201235450.A37801@enst.fr>

Pierre Beyssac wrote:
> So essntially the user has access to a keyboard and screen and a
> floppy disk drive, nothing more, but they still can tamper with
> the system configuration by using this feature of the MBR we were
> previously unaware of to boot a floppy disk of their own.
> 
> We have removed this MBR so this hole is plugged; the problem is
> that it's part of the default Debian installation without any
> warning about its possibly harmful consequences.

I hope you have password protected your bios, and lilo too, or you're still
vunerable.

-- 
see shy jo, in New York

Reply to:

Follow-Ups:
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Pierre Beyssac <beyssac@enst.fr>

References:
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Ben Collins <bcollins@debian.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Pierre Beyssac <beyssac@enst.fr>

Prev by Date: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Next by Date: Bug#56821: it's so simple... (was Re: [POSSIBLE GRAVE SECURITY HOLD])
Previous by thread: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Next by thread: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Index(es):
- Date
- Thread