Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.

To: Joey Hess <joeyh@debian.org>
Cc: thomas@cuivre.fr.eu.org, 56821@bugs.debian.org, Ben Collins <bcollins@debian.org>, pb@enst.fr, sam@infres.enst.fr
Subject: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
From: Ben Collins <bcollins@debian.org>
Date: Wed, 2 Feb 2000 10:51:16 -0500
Message-id: <[🔎] 20000202105116.G7238@visi.net>
Reply-to: Ben Collins <bcollins@debian.org>, 56821@bugs.debian.org
In-reply-to: <[🔎] 20000202000945.B852@kitenet.net>; from joeyh@debian.org on Wed, Feb 02, 2000 at 12:09:46AM -0500
References: <[🔎] 20000201182948.C5FD72AB3B@melchior.cuivre.fr.eu.org> <[🔎] 20000201141756.A7238@visi.net> <[🔎] 20000201225548.B29296@cuivre.fr.eu.org> <[🔎] 20000201204924.C7238@visi.net> <[🔎] 20000202030045.A31496@cuivre.fr.eu.org> <[🔎] 20000202000945.B852@kitenet.net>

On Wed, Feb 02, 2000 at 12:09:46AM -0500, Joey Hess wrote:
> Thomas Quinot wrote:
> > Is there any documentation whatsoever that the Debian installation
> > sets up a MBR which allows any user to boot from a floppy, which is
> > contrary to the usual, standard behaviour of MBRs that have been
> > found on PC computers for the past 15 years?
> 
> Have you considered that all PC's in the same time period have either booted
> from the floppy first by preference, or allowed you to configure the BIOS to
> so do?

Exactly. How can we consider it a bug in the OS, when it is the default of
the hardware to do the same thing. Granted we can document it, but I think
the behavior is expected of any default system that it is possible to boot
from floppy.

So this IS NOT a security issue, but merely a documentation issue.

-- 
 -----------=======-=-======-=========-----------=====------------=-=------
/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '
 `---=========------=======-------------=-=-----=-===-======-------=--=---'

Reply to:

Follow-Ups:
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@debian.org>

References:
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Ben Collins <bcollins@debian.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Ben Collins <bcollins@debian.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Thomas Quinot <thomas@cuivre.fr.eu.org>
- Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
Next by Date: [utilities/busybox] `cp' and `mv' are fixed. Please `cvs update'.
Previous by thread: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Next by thread: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.
Index(es):
- Date
- Thread