Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- To: John Goerzen <jgoerzen@complete.org>
- Cc: Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, "Huneycutt, Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- From: Pierre Beyssac <beyssac@enst.fr>
- Date: Wed, 2 Feb 2000 18:18:55 +0100
- Message-id: <[🔎] 20000202181855.H50448@enst.fr>
- Reply-to: Pierre Beyssac <beyssac@enst.fr>, 56821@bugs.debian.org
- In-reply-to: <[🔎] 873drby1na.fsf@erwin.complete.org>; from John Goerzen on Wed, Feb 02, 2000 at 11:06:49AM -0600
- References: <[🔎] 2000-02-02-11-38-12+trackit+sam@debian.org> <[🔎] 87vh47k3v1.fsf@erwin.complete.org> <[🔎] 20000202175255.E50448@enst.fr> <[🔎] 873drby1na.fsf@erwin.complete.org>
On Wed, Feb 02, 2000 at 11:06:49AM -0600, John Goerzen wrote:
> Your attempt to take my argument to the logical extreme has failed. I
> suggest that we should make the system as secure as possible while
> keeping it usable.
And my answer is that your argument is flawed in that particular
case.
I'd like to know what your answer to the following questions is:
- what is the purpose, in terms of system usability, of
this MBR, other than bypassing BIOS and Lilo controls,
which hardly qualifies by my book?
- what function(s) of this MBR, enhancing system usability,
cannot be accomplished using the BIOS configuration and/or
Lilo?
- what is the purpose, in terms of system usability, of
NOT EXPLICITLY DOCUMENTING that behaviour in the install
process?
- what is the purpose, in terms of system usability, of
not issuing an advisory to warn vulnerable sites?
> The precise definition of this varies from site to
> site. Some people IRC as root, which is a terrible idea as far as I'm
> concerned.
But their system is sooooo much more usable. That's how some novice
Linux users do, after all.
--
Pierre Beyssac pb@enst.fr
Reply to: