[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.

On Wed, Feb 02, 2000 at 06:53:34PM +0100, Thomas Quinot wrote:
> Le 2000-02-02, Ben Collins écrivait :
> > the hardware to do the same thing. Granted we can document it, but I think
> > the behavior is expected of any default system that it is possible to boot
> > from floppy.
> Great. We seem to have identified one fundamental point where we
> have different opinions. I think that, on a system with default installation,
> if you disable booting from floppy in the BIOS and in LILO, then
> it is not expected behaviour that you /still/ can boot from floppy.

No, I cannot agree.

LILO and the BIOS are only two parts of the boot process. Since a) the
BIOS by default allows booting from the floppy, then using that as the
default for the MBR is not a security risk. The MBR is also a part, and
should be verified under these conditions, no matter what the default is.

If you have to change LILO and the BIOS, then changing the MBR _is_ to be
expected since it plays a part of the role (it is not excluded by any
means). If you file a bug on this, then also file one on silo, milo, and
complain loudly to your computer manufacturers (any of them that allow

/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '

Reply to: