Re: [POSSIBLE GRAVE SECURITY HOLD]
On Wed, Feb 02, 2000 at 06:49:44PM +0100, Pierre Beyssac wrote:
> Fact: there are many systems vulnerable due to this bug. Why no
> official advisory? Does it improve system usability? Or maybe
> does it just improve _perceived_ system usability?
Why do you say that there are many systems vulnerable due to this
bug? You're talking about a situation where untrusted users are
allowed at the console of a machine, and there is a serious
worry that they may reboot the machine from a floppy to
get access to the hard drive. I can't see that being a problem
for a lot of people, as most people only let trusted
people at the console anyway. In your situation, since it
wouldn't be wise to store secure information on the system,
and they can always power cycle it until fsck is really unhappy,
I would try a social solution instead of a technical solution;
alternately, I would remove the floppy drive.
You, and a handful of people are the only people vulnerable,
because it's an unusual situation, and even in that situation
not everyone would worry about your problem, or would deal with
it in a different way.
David Starner - firstname.lastname@example.org
If you wish to strive for peace of soul then believe;
if you wish to be a devotee of truth, then inquire.
-- Friedrich Nietzsche