[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#56821: POSSIBLE GRAVE SECURITY HOLD]



I don't wish to join this (it seems too heated for me) debate,
but I wish to improve our boot-floppies.

In article <20000202185949.A593@lantier.enst.fr>,
  at Wed, 2 Feb 2000 18:59:49 +0100,
    on Bug#56821: [POSSIBLE GRAVE SECURITY HOLD],
 Thomas Quinot <quinot@email.enst.fr> writes:

> There is no documentation whatsoever that, when a system is installed
> with the default settings, then the installed MBR will be the one
> from the package named "mbr".  There is no documentation whatsoever
> in the installation procedure that it will by default install an MBR that
> unconditionnally allows booting from a floppy disc.

I agree to that the information is not enough in document.

But I wish to point out that using MBR from the "mbr" package is
normal for Debian. 1.3 (bo) used it as far as I know. (I don't know
buzz and rex).

And, there is the message about installing the "MBR", separate from
the message about running LILO. I checked the code of the installer
from the slink, and the cvs code for coming potato.

For slink, there is the message about

     Running LILO to make the kernel able to boot from the
     hard disk without a boot floppy...

and the message titled "Create Master Boot Record?" which says

      A master boot record is required to boot the system.
      If you are already using a boot manager, and want to keep it, answer NO
      to the following question. If you don't know what a boot manager is or
      whether you have one, answer YES.

      Install a master boot record on <selected device> ?

If you do know about LILO, then you can notice this message tells you
that "a boot manager" which is something different than lilo, is installed.

And for coming potato, there are already additional messages are added in cvs
(I check cvsweb page, and found Adam, Karl, and Randolph worked for this.
 Thanks for their excellent work!)

The Debian's boot-floppies for potato, will warn users with the message
titled "Important Information about the installed MBR" after the installation
of the "MBR" from our "mbr" package using "install-mbr --interupt n <device>":

        The master boot record program that was just installed
        supports several advanced options that have not been enabled by default.
        The installed configuration will cause it to behave just like
        a standard MBR.  For information about the advanced features supported 
        by the mbr, please read the 'install-mbr' manual page.
             
The left problem to be done is to update the documentation file.
I think we should update documentation/<LANG>/dbootstrap.sgml, 
at the section:

  <sect>&MSG-DISK-BOOT;
    <p>
If you elect to make the hard disk boot directly to Linux, <![
%supports-nfsroot [ and you are <em>not</em> installing a diskless
workstation, ]]> you will be asked to install a master boot record. If
you aren't using a boot manager (and this is probably the case if you
don't know what a boot manager is) and you don't have another
different operating system on the same machine, answer &MSG-YES; to
this question.

<![ %i386 [ Note that if you answer &MSG-YES;, you won't be able to
boot into DOS normally on your machine, for instance.  Be careful.]]>

If you answer &MSG-YES;, the next question will be whether you want to
boot Linux automatically from the hard disk when you turn on your
system. This sets Linux to be the <em>bootable partition</em> -- the
one that will be loaded from the hard disk.
    <p>
Note that multiple operating system booting on a single machine is
still something of a black art.  This document does not even attempt
to document the various boot managers, which vary by architecture and
even by subarchitecture.   You should see your boot manager's
documentation for more information.  Remember: when working with the
boot manager, you can never be too careful.

<!--  for each architecture, talk very briefly about the boot loader, -->
<!--  and how to recover your native OS if feasible -->
<![ %i386 [
    <p>
The standard &architecture; boot loader is called ``LILO''.  It is a
complex program which offers lots of functionality, including DOS, NT,
and OS/2 boot managment.  Please carefully read the instructions in
the directory <file>/usr/doc/lilo/</file> if you have special needs;
also see the <url id="&url-lilo-howto;">.
    <p>
You can skip this step for now, and set the bootable partition later
with the Linux commands <prgn>fdisk</prgn> or <prgn>activate</prgn>
programs.  If you mess up and can no longer boot into DOS, you'll need
to use a DOS boot disk and use the <tt>fdisk /mbr</tt> to reinstall
the DOS boot block -- however, this means that you'll need to use some
other way to get back into Debian!

]]>

I wish to add the description about "mbr" in the second "%i386" section.

When we do this update of document, then, this report can be closed safely, I think.

# btw, I failed to install potato into some 40+ MB partition with
# 10 floppies. loaded and stored base2_2.tgz has the size about 14MB,
# and extracted base system has the size about 35MB, so maybe 50MB or
# more is required to install potato base system with the floppies.
# dbootstrap can extract kernels and modules safely from the floppies
# on my spare 486SX/25 notebook. but modconf would not run (this may be
# the known problem).

-- 
  Taketoshi Sano: <sano@debian.org>,<sano@debian.or.jp>,<kgh12351@nifty.ne.jp>


Reply to: