[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Wed, Feb 02, 2000 at 09:47:54AM -0600, John Goerzen wrote:
> Pierre Beyssac <beyssac@enst.fr> writes:
> > You miss the point. That this can be fixed by configuration doesn't
> > mean it's not a security hole in the first place.
> > 
> > The security hole is that the console is made insecure by default
> > without any warning from the installation program. That, in itself,
> > would warrant a security advisory.
> The console is automatically insecure.  What led you to believe
> otherwise?

Specially when, like in slink, the lack of a file /etc/shutdown.allow allows
anybody to reboot...

> > On the other hand, nobody knows that you ALSO have to edit the
> > boot= line in lilo.conf to remove the dangerous MBR.
> Do people also know that you have to padlock your computer's case
> shut?  That you have to password-protect the BIOS?  That you have to
> password-protect LILO?  None of these have an obvious prompt, and on
> some computers may require physical case modifications.

All that you have cited are *NOT* operating system issues. The BIOS is not
Debian, the hardware is not Debian, etc...

What is asked for is, at least, *DOCUMENTATION*.

Let me remind... I have read that somewhere... Perhaps you can tell :


website : http://www.polynum.com

Reply to: