
Re: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.



>>>>> "Ben" == Ben Collins <bcollins@debian.org> writes:

    Ben> On Tue, Feb 01, 2000 at 03:53:26PM -0500, Huneycutt, Doug wrote:
    >> ---snip---
    >> 
    >> > Physical security is not the responsibility of the MBR. If someone has
    >> > physical access to your system they can do whatever they like regardless.
    >> > 
    >> Agreed -- the most useful solution I've been able to implement is to
    >> use the BIOS configuration features to disallow booting from floppy,
    >> then put a password on (at least) the configuration entry for the
    >> BIOS.  Removing the feature from the software isn't the solution.

    Ben> The problem is even with that, that the current lilo config boots from the
    Ben> hard drive and then lets you give a choice of booting the rest of the way
    Ben> from floppy.

 Put a password in via the BIOS configuration.  Many computers allow
 you to set a password that disallows rebooting the machine without
 typing a password.  Or, set it so it boots only from drive "C", and
 put a password on getting into the BIOS configuration menus.

 Don't use `mbr', use a master boot record program that does not allow
 booting from floppy like that.  Perhaps we should offer another one,
 in addition to `mbr', as an option on `boot-floppies'?  This is
 something we ought to research!  Is there one from `freedos' we can
 use?  There is one called `extipl' in frozen.  I have not downloaded
 it yet; will do that today and see what it is.  The other team
 members ought to do the similar `apt-get source extipl' and have a
 look-see.  Doug?  Maybe that's your solution.  Please look into it.

 In /etc/lilo.conf, which should be `chown root.root', `chmod o-rwx',
 put something like the following...  The relevant keywords here are
 "password" and "restricted".  I like to use the "single-key" and
 "alias" options with that.  If you try to give a kernel command line
 at boot, it prompts for the password.

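8<-------------------------------->8
# Global options (apply to every image below)
password=XXXXXXXX               # stored in clear text, hence the chmod o-rwx
single-key                      # boot on one keypress of a one-character alias
message=/boot/bootmessage.txt
prompt
delay=100                       # tenths of a second
timeout=100                     # tenths of a second

# Per-image section
image=/boot/vmlinuz
    label=Linux
    alias=1
    restricted                  # ask for the password only if parameters are given
    read-only
8<-------------------------------->8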



    Ben> Security minded persons should not depend on things being set up for
    Ben> "their" site out of the box. Hence, it is his fault for not checking that
    Ben> in the first place. On top of that, given that it is configurable, it is a
    Ben> simple change and then rerun lilo to disallow it.

    Ben> -- 
    Ben>  -----------=======-=-======-=========-----------=====------------=-=------
    Ben> /  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
    Ben> `     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '
    Ben>  `---=========------=======-------------=-=-----=-===-======-------=--=---'


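An added example, not part of the original message and not code from the lilo project: a small audit script for the lilo.conf settings discussed in this message (a `password` covering every image, `restricted` only meaningful alongside it, and no access for "other"). The function names, the `expected_uid` parameter and the finding texts are assumptions made for illustration.

```python
import os
import stat
import sys

def parse_lilo_conf(text):
    """Split lilo.conf text into (global options, list of image sections)."""
    global_opts, images, current = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if key in ("image", "other"):            # starts a per-image section
            current = {key: value}
            images.append(current)
        elif current is not None:
            current[key] = value
        else:
            global_opts[key] = value
    return global_opts, images

def audit(path, expected_uid=0):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    st = os.stat(path)
    if st.st_uid != expected_uid:
        findings.append("owner is uid %d, expected %d" % (st.st_uid, expected_uid))
    if st.st_mode & stat.S_IRWXO:                # the message's `chmod o-rwx`
        findings.append("file is accessible to 'other'")
    with open(path) as fh:
        global_opts, images = parse_lilo_conf(fh.read())
    for img in images:
        name = img.get("label") or img.get("image") or img.get("other")
        has_password = "password" in img or "password" in global_opts
        restricted = "restricted" in img or "restricted" in global_opts
        if not has_password:
            findings.append("%s: no password, boot parameters are unprotected" % name)
            if restricted:                       # restricted does nothing alone
                findings.append("%s: 'restricted' set without a password" % name)
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/etc/lilo.conf"
    problems = audit(target)
    print("\n".join(problems) or "%s: OK" % target)
    sys.exit(1 if problems else 0)
```

Run it against the file before rerunning `lilo`; a non-zero exit status means at least one check failed.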

