
Re: Bug#56821: Important security hole: mbr allows anyone to boot from a floppy.

On Wed, Feb 02, 2000 at 11:26:52AM -0800, Joey Hess wrote:
> Thomas Quinot wrote:
> > Great. We seem to have identified one fundamental point where we
> > have different opinions. I think that, on a system with default installation,
> > if you disable booting from floppy in the BIOS and in LILO, then
> > it is not expected behaviour that you /still/ can boot from floppy.
> > 
> > Can we agree on that?
> What you say makes no sense at all. You make an exception for lilo, but
> ignore the rest of the boot process, which includes mbr.

This seems to go into a heated debate. I don't understand why this
thing is worth arguing about; it is solved already in the next version
of boot floppies by installing mbr without the possibility to boot
from floppy.

At first I could not understand the original complaint, but then I
figured out that there really is an unknown (to me and I assume to the
majority of Debian users) feature in the MBR that Debian installs
which can be used to make the machine boot from floppy EVEN WHEN
	1) booting from floppy is disabled in BIOS and
	2) BIOS is password protected

I fully agree with the complainers, the Debian MBR should not enable
booting from floppies by default. It might be useful in an emergency,
but only if you know about it. I did not, so I have always gone to
BIOS and set it to boot from floppy until I have got booting from hard
disk working again. 


Tapio Lehtonen
PGP public key from http://www.iki.fi/Tapio.Lehtonen
