Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- To: quinot@infres.enst.fr
- Cc: Pierre Beyssac <beyssac@enst.fr>, Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, "Huneycutt, Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- From: John Goerzen <jgoerzen@complete.org>
- Date: 02 Feb 2000 17:56:26 -0600
- Message-id: <[🔎] 87zotji2fp.fsf@erwin.complete.org>
- Reply-to: John Goerzen <jgoerzen@complete.org>, 56821@bugs.debian.org
- In-reply-to: Thomas Quinot's message of "Thu, 3 Feb 2000 00:47:46 +0100"
- References: <[🔎] 2000-02-02-11-38-12+trackit+sam@debian.org> <[🔎] 87vh47k3v1.fsf@erwin.complete.org> <[🔎] 20000202175255.E50448@enst.fr> <[🔎] 873drby1na.fsf@erwin.complete.org> <[🔎] 20000202181855.H50448@enst.fr> <[🔎] 87n1pjy0qs.fsf@erwin.complete.org> <[🔎] 20000202184944.K50448@enst.fr> <[🔎] 87ya93h467.fsf@erwin.complete.org> <[🔎] 20000203004746.B2812@lantier.enst.fr>
Thomas Quinot <quinot@email.enst.fr> writes:
> Le 2000-02-02, John Goerzen écrivait :
>
> > The purpose of this MBR is the same as that of any MBR.
>
> No, John, this is untrue. No other MBR allows booting from a floppy disk.
That's irrelevant. The purpose is the same: boot up an operating
system. That's a feature, not the purpose.
> > Which would mean that anybody without an MBR already on their system
> > would not get a bootable machine. Bad idea.
>
> Spreading misinformation only makes you less credible. As was
What misinformation? The above statement sounds perfectly reasonable.
> mentioned extensively on this list and elsewhere, using
> Debian's alternative MBR ius perfectly optional. LILO's first stage
> loader can also be used in place of a traditional MBR.
You have not paid attention to the discussion then, as using it has
some significant drawbacks vs. what you call a "traditional" MBR.
Specifically, you cannot modify the bootup settings from a non-Linux
OS, and it will cease functioning if anthing happens to the Linux
partition.
> Common sense commands people to read documentation that exists
> and to ignore documentation that does not exist.
Then by all means, please read the documentation that exists for mbr.
> > I suggest that a far more reasonable solution, than installing no MBR,
> > is to add a mention of the MBR to the Security-HOWTO, which already
> > mentions things like padlocks and LILO.
>
> What is the use of installing an MBR? Just because we have one is
> no sufficient reason at all.
Because the system WILL NOT BOOT without an MBR!
Didn't we just cover this above?
Reply to: