Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]

To: Pierre Beyssac <beyssac@enst.fr>
Cc: Ruud de Rooij <ruud@ruud.org>, Joseph Carter <knghtbrd@debian.org>, Martijn van Oosterhout <kleptog@cupid.suninternet.com>, Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, "Huneycutt, Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
Subject: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
From: tb@mit.edu (Thomas Bushnell, BSG)
Date: 01 Mar 2000 14:42:46 -0500
Message-id: <[🔎] u1hr9du1npl.fsf@alice-whacker.mit.edu>
Reply-to: tb@mit.edu (Thomas Bushnell, BSG), 56821@bugs.debian.org
In-reply-to: Pierre Beyssac's message of "Wed, 2 Feb 2000 14:52:12 +0100"
References: <2000-02-02-11-38-12+trackit+sam@debian.org> <389823E6.37B56639@cupid.suninternet.com> <20000202045337.A10828@debian.org> <87og9zd9wx.fsf@hobbes.home.ruud.org> <20000202145212.S99806@enst.fr>

Pierre Beyssac <beyssac@enst.fr> writes:

> The security hole is that the console is made insecure by default
> without any warning from the installation program. That, in itself,
> would warrant a security advisory.

Are you really sure your machines are secure notwithstanding this?  I
doubt it seriously.

Not counting the possibility of physically dinking with the hardware,
are you sure that C-c during bootup won't do the wrong thing?  How
about telling LILO to boot Linux single-user?

Thomas

Reply to:

Follow-Ups:
- Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
  - From: Dan Brosemer <odin@linuxfreak.com>

Prev by Date: Bug#59358: sym53c8xx-driver in the installation kernel crashes
Next by Date: Re: installation of `standard' packages comes as a surprise
Previous by thread: Bug#59358: marked as done (sym53c8xx-driver in the installation kernel crashes)
Next by thread: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
Index(es):
- Date
- Thread