Re: [POSSIBLE GRAVE SECURITY HOLD]
On Wed, Feb 02, 2000 at 06:11:24PM +0100, Pierre Beyssac wrote:
> On Wed, Feb 02, 2000 at 10:58:48AM -0600, Adam Di Carlo wrote:
> > Geeze, dude, relax. Boot-floppies 2.2.6, will invoke 'install-mbr -e
> > -F' which disables floppy booting from mbr. I personally worry a bit
> > about that but we'll see what problems it causes. 2.2.6 should be
> > uploaded pretty soon.
> As said later, disabling "F" is not enough. You can still boot
> (using "A" then a numeric key) then select another partition from
> the hard disk. The problem is only slightly different. Once again
> Lilo configuration is bypassed.
> I can't understand why everyone insists on keeping this MBR since
> its "features" serve strictly _NO_ useful purpose other than
> bypassing Lilo and BIOS security, so the argument that removing it
> would impair the system's ease of use is totally flawed.
> We all agree that there can be no "absolute" security, especially
> when people have physical access to the machine. However I fail to
> see how that's an excuse to keep a security hole that big.
I agree that there should be a warning, however, the mbr _does_ provide
useful features, as outlined in the same documentation several people
have obviously _NOT_ read:
* Support for accessing large disks (>8G) has been added. This means
that the active partition doesn't have to be within the first 8G for
the MBR to load it's boot sector. The new code will be used on
systems which support it.
Also, the ability to boot other partitions and floppies _is_ useful,
but not for everyone - you, for instance, don't want it. That should
mean that before it is installed, you are warned and given a choice,
but it does NOT mean that it should not be there, as the majority of
users probably benefit more from the flexibility.
Elie Rosenblum That is not dead which can eternal lie,
http://www.cosanostra.net And with strange aeons even death may die.
Admin / Mercenary / System Programmer - _The Necronomicon_