Re: [POSSIBLE GRAVE SECURITY HOLD]

To: Pierre Beyssac <beyssac@enst.fr>
Cc: John Goerzen <jgoerzen@complete.org>, Samuel Tardieu <sam@debian.org>, 56821@bugs.debian.org, pb@enst.fr, quinot@enst.fr, debian-devel@lists.debian.org
Subject: Re: [POSSIBLE GRAVE SECURITY HOLD]
From: David Starner <dstarner98@aasaa.ofe.org>
Date: Wed, 2 Feb 2000 14:37:38 -0600
Message-id: <20000202143738.A17370@x8b4e53cd.dhcp.okstate.edu>
In-reply-to: <20000202184944.K50448@enst.fr>; from beyssac@enst.fr on Wed, Feb 02, 2000 at 06:49:44PM +0100
References: <2000-02-02-11-38-12+trackit+sam@debian.org> <87vh47k3v1.fsf@erwin.complete.org> <20000202175255.E50448@enst.fr> <873drby1na.fsf@erwin.complete.org> <20000202181855.H50448@enst.fr> <87n1pjy0qs.fsf@erwin.complete.org> <20000202184944.K50448@enst.fr>

On Wed, Feb 02, 2000 at 06:49:44PM +0100, Pierre Beyssac wrote:
> Fact: there are many systems vulnerable due to this bug. Why no
> official advisory? Does it improve system usability? Or maybe
> does it just improve _perceived_ system usability?

Why do you say that there are many systems vulnerable due to this
bug? You're talking about a situation where untrusted users are 
allowed at the console of a machine, and there is a serious
worry that they may reboot the machine from a floppy to
get access to the hard drive. I can't see that being a problem
for a lot of people, as most people only let trusted
people at the console anyway. In your situation, since it 
wouldn't be wise to store secure information on the system, 
and they can always power cycle it until fsck is really unhappy,
I would try a social solution instead of a technical solution;
alternately, I would remove the floppy drive. 

You, and a handful of people are the only people vulnerable,
because it's an unusual situation, and even in that situation
not everyone would worry about your problem, or would deal with
it in a different way.

-- 
David Starner - dstarner98@aasaa.ofe.org
If you wish to strive for peace of soul then believe; 
if you wish to be a devotee of truth, then inquire.
   -- Friedrich Nietzsche

Reply to:

References:
- [POSSIBLE GRAVE SECURITY HOLD]
  - From: Samuel Tardieu <sam@debian.org>
- Re: [POSSIBLE GRAVE SECURITY HOLD]
  - From: John Goerzen <jgoerzen@complete.org>
- Re: [POSSIBLE GRAVE SECURITY HOLD]
  - From: Pierre Beyssac <beyssac@enst.fr>
- Re: [POSSIBLE GRAVE SECURITY HOLD]
  - From: John Goerzen <jgoerzen@complete.org>
- Re: [POSSIBLE GRAVE SECURITY HOLD]
  - From: Pierre Beyssac <beyssac@enst.fr>
- Re: [POSSIBLE GRAVE SECURITY HOLD]
  - From: John Goerzen <jgoerzen@complete.org>
- Re: [POSSIBLE GRAVE SECURITY HOLD]
  - From: Pierre Beyssac <beyssac@enst.fr>

Prev by Date: Re: [POSSIBLE GRAVE SECURITY HOLD]
Next by Date: Re: Securing a Debian machine
Previous by thread: Re: [POSSIBLE GRAVE SECURITY HOLD]
Next by thread: Re: [POSSIBLE GRAVE SECURITY HOLD]
Index(es):
- Date
- Thread