[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

it's so simple... (was Re: [POSSIBLE GRAVE SECURITY HOLD])

On Wed, Feb 02, 2000 at 02:52:12PM +0100, Pierre Beyssac wrote:
> The security hole is that the console is made insecure by default
> without any warning from the installation program. That, in itself,
> would warrant a security advisory.

And regardless of whether it's a security hole, this feature should *not*
be undocumented.

A single line in the postinst (before it asks whether to install MBR)
which says what keys to hit to allow you to boot from floppy would be
a *very* good thing.

For people who want this feature, it would let them know how to use it.

For people who don't want this feature, it would let them know that
it exists.

The solution is simple, it helps everyone who would consider it relevant,
it does no harm that I can see.

I don't see why this should even be controversial.


Reply to: