Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- To: Pierre Beyssac <beyssac@enst.fr>
- Cc: Ruud de Rooij <ruud@ruud.org>, Joseph Carter <knghtbrd@debian.org>, Martijn van Oosterhout <kleptog@cupid.suninternet.com>, Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, "Huneycutt, Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
- From: tb@mit.edu (Thomas Bushnell, BSG)
- Date: 01 Mar 2000 14:42:46 -0500
- Message-id: <u1hr9du1npl.fsf@alice-whacker.mit.edu>
- Reply-to: tb@mit.edu (Thomas Bushnell, BSG), 56821@bugs.debian.org
- In-reply-to: Pierre Beyssac's message of "Wed, 2 Feb 2000 14:52:12 +0100"
- References: <2000-02-02-11-38-12+trackit+sam@debian.org> <389823E6.37B56639@cupid.suninternet.com> <20000202045337.A10828@debian.org> <87og9zd9wx.fsf@hobbes.home.ruud.org> <20000202145212.S99806@enst.fr>

Pierre Beyssac <beyssac@enst.fr> writes:

> The security hole is that the console is made insecure by default
> without any warning from the installation program. That, in itself,
> would warrant a security advisory.

Are you really sure your machines are secure notwithstanding this? I
doubt it seriously.

Not counting the possibility of physically dinking with the hardware,
are you sure that C-c during bootup won't do the wrong thing? How
about telling LILO to boot Linux single-user?

Thomas