Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.

To: Randolph Chung <tausq@debian.org>
Cc: 56821@bugs.debian.org
Subject: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
From: Thomas Quinot <thomas@cuivre.fr.eu.org>
Date: Wed, 2 Feb 2000 15:30:08 +0100
Message-id: <[🔎] 20000202153008.A3953@cuivre.fr.eu.org>
Reply-to: thomas@cuivre.fr.eu.org, 56821@bugs.debian.org
In-reply-to: <[🔎] 20000202072851.C1870@tausq.org>; from tausq@debian.org on Wed, Feb 02, 2000 at 07:28:51AM -0700
References: <[🔎] 20000201182948.C5FD72AB3B@melchior.cuivre.fr.eu.org> <[🔎] 20000201141756.A7238@visi.net> <[🔎] 20000201225548.B29296@cuivre.fr.eu.org> <[🔎] 20000201204924.C7238@visi.net> <[🔎] 20000202030045.A31496@cuivre.fr.eu.org> <[🔎] 20000201202503.L22865@tausq.org> <[🔎] 20000202124508.A3178@cuivre.fr.eu.org> <[🔎] 20000202072851.C1870@tausq.org>

Le 2000-02-02, Randolph Chung écrivait :

> I'm afriad this is not acceptable because of some setup scenarios. You

I would be /very/ interested if you could elaborate on this point.

> probably should file a bug against the mbr package to ask that F be disabled
> under A if --enable -F was specified on the command line.

Hum, to my reading of the mbr source code, this would defeat the
whole purpose of the 'A' mode, which consists in allowing boot
from disabled partitions.

I would also be most interested in learning why it is not possible
to fix this problem simply by displaying prominent warnings in
the installation procedure that the user must manually overwrite
the MBR, in addition to the normal BIOS and LILO setup, if he
wants to prevent boot from floppy disks by unauthorized users.

Thomas.

Reply to:

Follow-Ups:
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Randolph Chung <tausq@debian.org>

References:
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Ben Collins <bcollins@debian.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Ben Collins <bcollins@debian.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Randolph Chung <tausq@debian.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@debian.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Randolph Chung <tausq@debian.org>

Prev by Date: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Next by Date: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Previous by thread: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Next by thread: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Index(es):
- Date
- Thread