Since apparently several Debian developers disagree on whether this issue is critical or not, I'd like to get input from other developers.

The default Debian installation installs a MBR in your disk's MBR and installs lilo on your / partition.

Even if you set up your BIOS so that users can't boot from floppy disk and if you secure lilo with a password, your system can still be booted from a floppy:

- press shift at boot time, and Debian's MBR will give you a prompt 1FA:
- then press F, and your system will boot from floppy disk, and you will get full root access to the hard disk

The point here is that:

- An option exists to install MBR without giving access to the floppy, thus closing entirely this security hole
- No warning is given at all during the installation that this MBR has extra features

Given that some of us (maybe all, this is not a flame, just a disagreement) do believe that this is an unacceptable security issue for Debian, I would like to get developers' opinion on this.

Not fixing this in Potato and not issuing an advisory and a replacement mbr package for past distributions makes Debian a very weak distribution.

To take an analogy, what if your distribution installs a root shell freely available on virtual console F9 (so that it won't be easily noticed) without warning the system administrator by default?

Sam

PS/ in Pierre's case, machines were physically secured with anti-theft cables and monitored by video cameras, so compromising the hardware is much harder than pressing shift then F at boot time to gain root access

Adam Di Carlo wrote, in the BTS (bug #56821):

| I agree with Ben's assessment. I do not believe that the default way
| boot-floppies ships, that is, with floppy booting enabled, is
| incorrect, although I do recognize that some may wish it was not so.
|
| In accordance with that wish, I have retitled and changed the
| severity of this bug. It should be possible to skip mbr and install
| lilo directly, disabling floppy booting (what in lilo.conf would have
| to be changed?).
|
| I do not believe this is release critical, however. Moreover, I can't
| wait until woody when hopefully we'll all be using 'grub', which
| hopefully will be easier for us (boot-floppies maintainers) to work
| with.