On Wed, Feb 02, 2000 at 02:37:38PM -0600, David Starner wrote: > On Wed, Feb 02, 2000 at 06:49:44PM +0100, Pierre Beyssac wrote: > > Fact: there are many systems vulnerable due to this bug. Why no > > official advisory? Does it improve system usability? Or maybe > > does it just improve _perceived_ system usability? > > Why do you say that there are many systems vulnerable due to this > bug? You're talking about a situation where untrusted users are I agree with Pierre, there are lots of Linux machines with semi-free access to potentially malicious users. Linux is used in Universities and similar places where you really can't trust all users. I don't work at the University any more, but if I did I would be very annoyed to discover I need to reinstall all publicly accessible machines because I can not be certain they have not been tampered with. There are even public libraries here with publicly accessible computers, they have all the usual stuff with BIOS passwords, BIOS not booting from floppy or CD-ROM etc. Together with a colleque, we tried to figure out how to break into them, but they really were securely configured, only opening the box and setting a jumper to reset the BIOS would have worked. But with Debian GNU/Linux on them, it would have been possible to boot from floppy. I assume that since I did not know about this feature-rich MBR Debian uses, neither would the system admins at the library. By the way, the machines I have installed have been secure, but purely by accident. I always modify /etc/lilo.conf to read boot=/dev/sda, that is not a partition but the disk device. This is because I put the swap as first partition, and could not understand how booting would work with lilo installed at /dev/sda2 only. This thread has been useful in teaching me how things really work. > > > -- > To UNSUBSCRIBE, email to debian-boot-request@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org > -- Tapio Lehtonen Tapio.Lehtonen@IKI.FI PGP public key from http://www.iki.fi/Tapio.Lehtonen
Attachment:
pgpaciDZLrkzn.pgp
Description: PGP signature