Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- To: Pierre Beyssac <beyssac@enst.fr>
- Cc: Ruud de Rooij <ruud@ruud.org>, Joseph Carter <knghtbrd@debian.org>, Martijn van Oosterhout <kleptog@cupid.suninternet.com>, Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, "Huneycutt, Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- From: John Goerzen <jgoerzen@complete.org>
- Date: 02 Feb 2000 09:47:54 -0600
- Message-id: <87n1pjk3md.fsf@erwin.complete.org>
- Reply-to: John Goerzen <jgoerzen@complete.org>, 56821@bugs.debian.org
- In-reply-to: Pierre Beyssac's message of "Wed, 2 Feb 2000 14:52:12 +0100"
- References: <2000-02-02-11-38-12+trackit+sam@debian.org> <389823E6.37B56639@cupid.suninternet.com> <20000202045337.A10828@debian.org> <87og9zd9wx.fsf@hobbes.home.ruud.org> <20000202145212.S99806@enst.fr>

Pierre Beyssac <beyssac@enst.fr> writes:

> You miss the point. That this can be fixed by configuration doesn't
> mean it's not a security hole in the first place.
>
> The security hole is that the console is made insecure by default
> without any warning from the installation program. That, in itself,
> would warrant a security advisory.

The console is automatically insecure. What led you to believe
otherwise?

> On the other hand, nobody knows that you ALSO have to edit the
> boot= line in lilo.conf to remove the dangerous MBR.

Do people also know that you have to padlock your computer's case
shut? That you have to password-protect the BIOS? That you have to
password-protect LILO? None of these have an obvious prompt, and on
some computers may require physical case modifications.

--
John Goerzen Linux, Unix consulting & programming jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade) www.debian.org |
----------------------------------------------------------------------------+
The 885,121st digit of pi is 1.