[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.

> > Turning it off does not help physical security, and it does not make up
> > for lazy admins who wish to point fingers to make up for their problems.
> The administrators of the site in question took the time to set up
> the BIOS settings and loader configuration on each machine to ensure
> that users could not get to boot a floppy disk. I would hardly call
> them lazy.

Then the problem does not exist. I was pointing "lazy" to not checking
that it was setup properly, which you seem to confer with by saying that
several systems were in fact compromised because of that. If time had been
taken (and believe me, more time needs to be taken for physical security
than simple network security) to check the loader configuration after
install, then there would be no problem.

/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '

Reply to: