Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Randolph,

On Tue, Feb 01, 2000 at 08:25:03PM -0700, Randolph Chung wrote:
> instead of you all starting another flamewar^H^H^H^H^H^H^H^H^Hdiscussion, we
> are going to try to install the mbr with the floppy option turned off....
> (install-mbr --enable -F)

Thanks for your answer, that's a solution I like better than "you
should've read the docs we didn't write and the warnings we didn't
provide" :-)

> This bug will be closed with the next boot floppies upload. If you have
> other constructive concerns/suggestions, please let us know.

I think the "install-mbr --enable -F" is not enough, far from it:
what if there's a CDROM on the machine and a way to boot it? How
many unknown and dangerous "features" are still in this MBR?

Here are the points I would like addressed before the problem report
can be closed:

1) fixing the problem for future distributions

This MBR should be replaced in the install with a barebones MBR.

Reason: the last place where I expect creeping featurism
is in a MBR.

or alternatively (my second choice if you ask me), there should be
a PROMINENT warning during the installation that this MBR is
extremely dangerous, and why it is.

Reason: right now, the installation just leaves the choice
between installing a MBR and leaving the previous MBR.

Furthermore, it would be a good thing to add a choice in the
installation to install just LILO as the MBR. This fixed the problem
for me. Currently AFAICT LILO is configured on /dev/hda1 or
equivalent, not /dev/hda (this is how I fixed the hole, by the
way).

2) issuing a security advisory regarding past distributions (at
least 2.0 and 2.1), and issuing a recommended update for these
distributions.

Reason: Many sites are probably vulnerable and unaware of
this because they trusted the default installation.

--
Pierre Beyssac pb@enst.fr