Re: [POSSIBLE GRAVE SECURITY HOLD]

[Pierre Beyssac <beyssac@enst.fr>]

On Wed, Feb 02, 2000 at 12:21:26PM -0600, John Goerzen wrote:
> > Funny, you edited out my question about why _THIS_ MBR allows you
> > to choose to boot from a floppy. Does the logical answer disturb
> > you, perhaps?
> 
> No, it's irrelevant.  It is not MBR that is making things insecure.
> It's YOU (or the relevant admin).

Note that you can even extend your argument by saying that serious
admins run only programs for which they have read, understood and
possibly corrected the source code. Reading the doc is not enough:
some features can be undocumented, poorly documented or wrongly
documented.

So, trying to fix security bugs in a default installation is totally
pointless if I understand you right, since the competent admin will
fix that because he knows Everything.

So Debian is a distribution geared for people who know Everything
and have the time to read and understand all the sources. See, I'm
beginning to understand how you see things.

> However I think it is a very poor argument to remove something because
> it has features that an inexperienced admin could misuse.

The point is about removing uselessly duplicate features. Who uses
the floppy boot feature of this MBR? Nobody. Who can be fucked by
this feature? A lot of people.

> Virtually everything in the distro is like that.

Yes, that's called creeping featurism. This is generalized on toy
operating systems. And this particular case is an obvious case of
needless duplicate features. Since this makes the source code grow,
you obviously make the task more difficult for the serious people
who read all the code they install. And by the way, that's the
opposite of security.

So you see, there's still a contradiction in your argument.
-- 
Pierre Beyssac		pb@enst.fr