Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- To: John Goerzen <firstname.lastname@example.org>
- Cc: Pierre Beyssac <email@example.com>, Samuel Tardieu <firstname.lastname@example.org>, Adam Di Carlo <email@example.com>, "Huneycutt, Doug" <firstname.lastname@example.org>, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
- Subject: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- From: Daniel Burrows <Daniel_Burrows@brown.edu>
- Date: Wed, 2 Feb 2000 18:17:13 -0500
- Message-id: <20000202181713.A6159@brown.edu>
- Mail-followup-to: John Goerzen <email@example.com>, Pierre Beyssac <firstname.lastname@example.org>, Samuel Tardieu <email@example.com>, Adam Di Carlo <firstname.lastname@example.org>, "Huneycutt, Doug" <email@example.com>, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com
- Reply-to: Daniel Burrows <Daniel_Burrows@brown.edu>, firstname.lastname@example.org
- In-reply-to: <email@example.com>
- References: <firstname.lastname@example.org> <email@example.com> <20000202175255.E50448@enst.fr> <firstname.lastname@example.org> <20000202181855.H50448@enst.fr> <email@example.com> <20000202184944.K50448@enst.fr> <firstname.lastname@example.org>
On Wed, Feb 02, 2000 at 12:04:16PM -0600, John Goerzen was heard to say:
> Debian is no more responsible for somebody that sets the root password
> to an empty string than it is for somebody that doesn't read the LILO
> docs on a password or doesn't read the MBR docs. Further, as I have
> pointed out, Unix, commercial or otherwise, does not ship configured by
> default in a manner designed to thwart problems where hostile forces
> have physical access to the machine.
I personally am not that excited about this issue one way or the other, but
I get the feeling you aren't reading the same emails that I am and aren't using
the same Debian system.
This thread was the first -- the *first* -- time that I even realized that the
default Debian install didn't put LILO on the MBR but used the mbr package
instead. I believe I have read a lot of documentation, and I even knew of the
existence of the mbr package, but I thought that it was an optional addon for
people who needed unusual functionality. (I don't even think the package (and
thus the mbr documentation) is installed by default) I certainly agree that
people should read the documentation for the system, but there's no indication
that mbr is part of the system! If you don't know something exists, you're
unlikely to read its documentation..
Anyway, all that's needed is a mention of the fact that a special boot sector
is used for Debian, *somewhere* in the install. This will (a) let people who
might want it know that it exists, and (b) let people who don't want it know
that it exists. When setting it up (there's a question somewhere in the install
about putting LILO on the MBR instead, isn't there?), mention something like:
"Debian uses a special master boot record (MBR) which can boot from any
partition or attached device in addition to the primary active partition" I
believe this should solve the problem satisfactorily.
> I suggest that a far more reasonable solution, than installing no MBR,
> is to add a mention of the MBR to the Security-HOWTO, which already
> mentions things like padlocks and LILO.
Or add a mention of it *somewhere*.
"...I was grown tired of London, remember'd with Pleasure the happy Months
I had spent in Pennsylvania, and wish'd again to see it."
-- from the autobiography of Benjamin Franklin