Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]

[Ben Collins <bcollins@debian.org>]

On Wed, Feb 02, 2000 at 04:53:37AM -0800, Joseph Carter wrote:
> On Wed, Feb 02, 2000 at 11:32:38PM +1100, Martijn van Oosterhout wrote:
> > Err, there is a mistake here somewhere. If you are getting 1FA at the
> > boot prompt then lilo is *NOT* in the MBR. If it were you would get the
> > lilo prompt.
> 
> Why not?  If I hold down the wrong key too soon in the boot process, I get
> a 3FA: prompt.  I press enter and get lilo as normal.
> 
> It's not a virus or a security concern.  Similar prompts happen on similar
> machines lots.  No two machines seem to have the same "strange" prompt.

In fact, sparc HARDWARE allows you to boot from tftp, floppy, CD, or any
harddrive. So am I to suppose that SPARC hardware is insecure by default
(for physical security)? Of course, and thus I would change it. Am I to
suppose that it should be made not to do that by default? No, because it
is setup to be easy to manage by default, and if I want better, I change
it. Same with the MBR.

Joseph, this is pointed at the argument, not at you :)

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'