[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.

Le 2000-02-01, Ben Collins écrivait :

> Physical security is not the responsibility of the MBR. If some one has
> physical access to your system they can do whatever they like regardless.

This, I believe, is not relevant to the problem in question.
There are situations where physically securing a machine is
neither practical nor necessary, and one may nevertheless prevent
casual attackers to take advantage of those kinds of situations
to obtain undue privileges.

For example, at this academic site, we have a few dozen Debian stations
that can be used by students freely during the day. As the labs are
under constant video monitoring, we consider that users will not tamper
with hardware (e.g. open a machine's case to short circuit the
BIOS battery). Moreover, students do need access to floppy drives
to take their own files home. For these reasons, the machines
in these labs have fully operative floppy disk drives. In our situation,
it is thus necessary to prevent users from /booting/ the machines from
the floppy disks, and to this effect we relied on the fact that
we had LILO installed on the machine's hard disks, with password
protection so users cannot pass arbitrary options to the kernel,
or boot a modified kernel.

> This is another case of security through obscurity.

I am afraid I do not get your point. What I am pointing out is that
installing by default software that will unconditionnally allow
users to boot a floppy disk, whatever the administrator-defined
settings are (in the BIOS and in lilo.conf) is not a good idea.
Doing that /without informing/ the administrator is insecurity,
not security, through obscurity.

> Turning it off does not help physical security, and it does not make up
> for lazy admins who wish to point fingers to make up for their problems.

The administrators of the site in question took the time to set up
the BIOS settings and loader configuration on each machine to ensure
that users could not get to boot a floppy disk. I would hardly call
them lazy.



Reply to: