[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.

On Tue, Feb 01, 2000 at 03:53:26PM -0500, Huneycutt, Doug wrote:
> 	---snip---
> > Physical security is not the responsibility of the MBR. If some one has
> > physical access to your system they can do whatever they like regardless.
> > 
> 	Agreed -- the most useful solution I've been able to implement is to
> use the BIOS configuration 
> 	features to disallow booting from floppy, then put a password on (at
> least) the configuration
> 	entry for the BIOS.  Removing the feature from the software isn't
> the solution.

The problem is even with that, that the current lilo config boots from the
harddrive and then let's you give a choice of booting the rest of the way
from floppy.

Security minded persons should not depend on things being setup for
"their" site out of the box. Hence, it is his fault for not checking that
in the first place. On top of that, given that it is configurable, it is a
simple change and then rerun lilo to disallow it.

/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '

Reply to: