
Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]



Pierre Beyssac <beyssac@enst.fr> writes:

> You miss the point. That this can be fixed by configuration doesn't
> mean it's not a security hole in the first place.
> 
> The security hole is that the console is made insecure by default
> without any warning from the installation program. That, in itself,
> would warrant a security advisory.

The console is automatically insecure.  What led you to believe
otherwise?

> On the other hand, nobody knows that you ALSO have to edit the
> boot= line in lilo.conf to remove the dangerous MBR.

Do people also know that you have to padlock your computer's case
shut?  That you have to password-protect the BIOS?  That you have to
password-protect LILO?  None of these have an obvious prompt, and on
some computers may require physical case modifications.


-- 
John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
----------------------------------------------------------------------------+
The 885,121st digit of pi is 1.

