Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
On Tue, Feb 01, 2000 at 07:29:48PM +0100, Thomas Quinot wrote:
> Package: boot-floppies
> Version: 2.2.5
> Severity: critical
>
> During installation, boot-floppies set up a MBR using /sbin/install-mbr.
> The installed mbr allows user to boot from a floppy by pressing any
> key, then typing "F" at the prompt. Any password protection or
> boot restriction defined in lilo.conf can thus be bypassed. There
> should be prominent warnings in the installation procedure to
> inform administrators that choosing the default choice for MBR
> installation (which is to use /sbin/install-mbr) grants root privileges
> to all users with access to the console.
>
> This is a very serious security problems; several machines at this
> site have been compromised at this site because of it. This report
> is therefore graded "critical" and will be forwarded to debian-security.
Physical security is not the responsibility of the MBR. If some one has
physical access to your system they can do whatever they like regardless.
If you want physical security, take the floppy drive out completely. If
you are having problems with people walking up to your equipment and doing
things you don't want them to, then get a locked rack.
This is another case of security through obscurity. The reason it is setup
that way is to make it easier to boot into a "safe" or "rescue" setup.
Turning it off does not help physical security, and it does not make up
for lazy admins who wish to point fingers to make up for their problems.
I suggest downgrading or even closing (If I had it my way) this bug.
Ben
--
-----------=======-=-======-=========-----------=====------------=-=------
/ Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
` bcollins@debian.org -- bcollins@openldap.org -- bmc@visi.net '
`---=========------=======-------------=-=-----=-===-======-------=--=---'
Reply to: