Re: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
>>>>> "Ben" == Ben Collins <bcollins@debian.org> writes:
Ben> On Tue, Feb 01, 2000 at 03:53:26PM -0500, Huneycutt, Doug wrote:
>> ---snip---
>>
>> > Physical security is not the responsibility of the MBR. If someone has
>> > physical access to your system they can do whatever they like regardless.
>> >
>> Agreed -- the most useful solution I've been able to implement is to
>> use the BIOS configuration
>> features to disallow booting from floppy, then put a password on (at
>> least) the configuration
>> entry for the BIOS. Removing the feature from the software isn't
>> the solution.
Ben> The problem is even with that, that the current lilo config boots from the
Ben> harddrive and then lets you give a choice of booting the rest of the way
Ben> from floppy.
Put a password in via the BIOS configuration. Many computers allow
you to set a password that disallows rebooting the machine without
typing a password. Or, set it so it boots only from drive "C", and
put a password on getting into the BIOS configuration menus.

Don't use `mbr', use a master boot record program that does not allow
booting from floppy like that. Perhaps we should offer another one,
in addition to `mbr', as an option on `boot-floppies'? This is
something we ought to research! Is there one from `freedos' we can
use? There is one called `extipl' in frozen. I have not downloaded
it yet; will do that today and see what it is. The other team
members ought to do the similar `apt-get source extipl' and have a
look-see. Doug? Maybe that's your solution. Please look into it.

In /etc/lilo.conf, which should be `chown root.root', `chmod o-rwx',
put something like the following... The relevant keywords here are
"password" and "restricted". I like to use the "single-key" and
"alias" options with that. If you try to give a kernel command line
at boot, it prompts for the password.
8<-------------------------------->8
password=XXXXXXXX
single-key
message=/boot/bootmessage.txt
prompt
delay=100
timeout=100
image=/boot/vmlinuz
	label=Linux
	alias=1
	restricted
	read-only
8<-------------------------------->8
Ben> Security minded persons should not depend on things being set up for
Ben> "their" site out of the box. Hence, it is his fault for not checking that
Ben> in the first place. On top of that, given that it is configurable, it is a
Ben> simple change and then rerun lilo to disallow it.
Ben> --
Ben> -----------=======-=-======-=========-----------=====------------=-=------
Ben> / Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \
Ben> ` bcollins@debian.org -- bcollins@openldap.org -- bmc@visi.net '
Ben> `---=========------=======-------------=-=-----=-===-======-------=--=---'
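An added example, not part of the original message or of LILO itself: a shell check for the /etc/lilo.conf advice above, reporting a file that other users can access (the password is stored there in plain text) and any image that no `password=` line covers. The function name `audit_lilo_conf` and its finding strings are hypothetical, and it assumes GNU `stat`.

```shell
#!/bin/sh
# audit_lilo_conf FILE: print one finding per line (hypothetical helper).
# Assumption: GNU coreutils stat, which supports -c.
audit_lilo_conf() {
    conf=$1
    meta=$(stat -c '%a %U' "$conf") || return 2
    mode=${meta% *}
    owner=${meta#* }
    # password= is kept in plain text, hence the chmod o-rwx advice.
    case $mode in
        *0) ;;
        *) echo "perms: mode $mode lets other users access $conf" ;;
    esac
    [ "$owner" = root ] || echo "owner: $conf belongs to $owner, not root"
    # Lines before the first image=/other= are global. A global password=
    # covers every image; otherwise each section needs its own.
    awk '
    function report() {
        if (insec && !gpass && !spass)
            print "image " label ": no password in effect"
    }
    {
        sub(/#.*/, "")                  # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "")     # trim whitespace
        if ($0 == "") next
        key = $0
        sub(/[ \t]*=.*/, "", key)       # keyword left of "="
        if (key == "image" || key == "other") {
            report(); insec = 1; spass = 0; label = $0
        } else if (key == "password") {
            if (insec) spass = 1
            else gpass = 1
        } else if (key == "label") {
            label = $0
            sub(/^[^=]*=[ \t]*/, "", label)
        }
    }
    END { report() }
    ' "$conf"
}

# Demo on a constructed sample: "restricted" is set but no password exists.
sample=$(mktemp)
printf '%s\n' prompt image=/boot/vmlinuz label=Linux restricted > "$sample"
audit_lilo_conf "$sample"
rm -f "$sample"
```

With `restricted`, LILO asks for the password only when parameters are given on the boot command line; an image with `password=` and no `restricted` asks on every boot, so the check treats both as covered.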