[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


Le 2000-02-02, Ben Collins écrivait :

> In fact, sparc HARDWARE allows you to boot from tftp, floppy, CD, or any
> harddrive. So am I to suppose that SPARC hardware is insecure by default
> (for physical security)? Of course, and thus I would change it. Am I to
> suppose that it should be made not to do that by default? No, because it
> is setup to be easy to manage by default, and if I want better, I change
> it. Same with the MBR.

No no no. First of all, Sparc hardware allows booting from any medium,
just as PC hardware does. You can password-protect a Sun's PROM,
and likewise you can setup a PC's BIOS to require a password before
booting from floppy.

Debian's MBR includes an extra way of booting from floppy, which is not
documented anywhere, and which has no equivalent in other PC operating
systems. In other words, Debian's default behaviour is different from
the rest of the world's default behaviour, this difference is not at
all made obvious to users, and this difference introduces a new burden
on system administrators who want to control access to the root account
on their machines.


Reply to: