Re: [POSSIBLE GRAVE SECURITY HOLD]
On Thu, 03 Feb 2000 08:16:15 Hamish Moffatt wrote:
> On Wed, Feb 02, 2000 at 09:43:33AM -0500, Michael Stone wrote:
> > I think a bigger question to ask is, "what does mbr buy us?" I've
> > thought it was a silly thing to install for a while now, and have
> > eradicated it on all of my systems without any problems.
> Well, I gather there can be problems with a brand new disk formatted
> for linux first up -- it needs code in the MBR to boot the system, but
> unless your disk manufacturer writes something in there, you need mbr.
> I think LILO in the MBR is, in general, the wrong solution too.
LILO in the MBR is no more or less secure than the DOS MBR or the MBR
that debian installs.
Basically this thread has persisted from the original author thinking
along the wrong lines here. PCs are basically insecure machines the
moment anybody has access to the console or the machine itself. I have
not once ever seen a PC that can be deemed to be secure when trialed
against physical access. Yes, you can make it bloody hard to do
anything, but there is no ultimate security.
Bascially, what i'm saying is:
If you have physical access to the machine, you can have not have
'complete security'. People can turn it off, reboot it, reconfigure
hardware, etc. Either way, you're screwed.
If you want ultimate security, pull out all the plugs and lock the box
up in a fireproof and airtight safe. You are not going to make a
machine completely secure any other way.
Thats my 5c.
Christopher Collins <email@example.com>
Network Administrator, John Curtin School of Medical Research