Re: [POSSIBLE GRAVE SECURITY HOLD]
- To: Ben Collins <bcollins@debian.org>, Joseph Carter <knghtbrd@debian.org>
- Cc: Martijn van Oosterhout <kleptog@cupid.suninternet.com>, Samuel Tardieu <sam@debian.org>, Adam Di Carlo <adam@onshore.com>, "Huneycutt, Doug" <doug.huneycutt@lmco.com>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
- Subject: Re: [POSSIBLE GRAVE SECURITY HOLD]
- From: Pierre Beyssac <beyssac@enst.fr>
- Date: Wed, 2 Feb 2000 15:02:53 +0100
- Message-id: <20000202150253.T99806@enst.fr>
- In-reply-to: <20000202084316.F7238@visi.net>; from Ben Collins on Wed, Feb 02, 2000 at 08:43:16AM -0500
- References: <2000-02-02-11-38-12+trackit+sam@debian.org> <389823E6.37B56639@cupid.suninternet.com> <20000202045337.A10828@debian.org> <20000202084316.F7238@visi.net>
On Wed, Feb 02, 2000 at 08:43:16AM -0500, Ben Collins wrote:
> In fact, sparc HARDWARE allows you to boot from tftp, floppy, CD, or any
> harddrive. So am I to suppose that SPARC hardware is insecure by default
> (for physical security)? Of course, and thus I would change it. Am I to
> suppose that it should be made not to do that by default? No, because it
> is setup to be easy to manage by default, and if I want better, I change
> it. Same with the MBR.
Sorry, but I do run Sparc hardware too, and there are at least 3
major differences. I am a bit tired of these endless arguments when
this could have been fixed in 1/4 the time, so I'll make it short:
- Sparc behaviour is (succintly) documented in the boot
(ROM) monitor itself. Not Debian's MBR (this MBR has a
online doc? Good joke!);
- Sparc behaviour is documented in Solaris by default
(man boot, man eeprom). In Debian, it's not documented
unless you install the install-mbr package.
- Sparc behaviour allows you to set a password on the boot
procedure. Not Debian's MBR (good joke, again).
--
Pierre Beyssac pb@enst.fr
Reply to: