Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.

To: thomas@cuivre.fr.eu.org, 56821@bugs.debian.org
Cc: pb@enst.fr, sam@infres.enst.fr
Subject: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
From: Ben Collins <bcollins@debian.org>
Date: Tue, 1 Feb 2000 20:49:24 -0500
Message-id: <[🔎] 20000201204924.C7238@visi.net>
Reply-to: Ben Collins <bcollins@debian.org>, 56821@bugs.debian.org
In-reply-to: <[🔎] 20000201225548.B29296@cuivre.fr.eu.org>; from thomas@cuivre.fr.eu.org on Tue, Feb 01, 2000 at 10:55:48PM +0100
References: <[🔎] 20000201182948.C5FD72AB3B@melchior.cuivre.fr.eu.org> <[🔎] 20000201141756.A7238@visi.net> <[🔎] 20000201225548.B29296@cuivre.fr.eu.org>

> > Turning it off does not help physical security, and it does not make up
> > for lazy admins who wish to point fingers to make up for their problems.
> 
> The administrators of the site in question took the time to set up
> the BIOS settings and loader configuration on each machine to ensure
> that users could not get to boot a floppy disk. I would hardly call
> them lazy.

Then the problem does not exist. I was pointing "lazy" to not checking
that it was setup properly, which you seem to confer with by saying that
several systems were in fact compromised because of that. If time had been
taken (and believe me, more time needs to be taken for physical security
than simple network security) to check the loader configuration after
install, then there would be no problem.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'

Reply to:

Follow-Ups:
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>

References:
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Ben Collins <bcollins@debian.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>

Prev by Date: Re: Status of Potato?
Next by Date: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Previous by thread: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Next by thread: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Index(es):
- Date
- Thread