[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]


On Thu, 03 Feb 2000 08:16:15 Hamish Moffatt wrote:
> On Wed, Feb 02, 2000 at 09:43:33AM -0500, Michael Stone wrote:
> > I think a bigger question to ask is, "what does mbr buy us?" I've
> > thought it was a silly thing to install for a while now, and have
> > eradicated it on all of my systems without any problems.
> Well, I gather there can be problems with a brand new disk formatted
> for linux first up -- it needs code in the MBR to boot the system, but
> unless your disk manufacturer writes something in there, you need mbr.
> I think LILO in the MBR is, in general, the wrong solution too.

LILO in the MBR is no more or less secure than the DOS MBR or the MBR 
that debian installs.

Basically this thread has persisted from the original author thinking 
along the wrong lines here.  PCs are basically insecure machines the 
moment anybody has access to the console or the machine itself.  I have 
not once ever seen a PC that can be deemed to be secure when trialed 
against physical access. Yes, you can make it bloody hard to do 
anything, but there is no ultimate security.

Bascially, what i'm saying is:

If you have physical access to the machine, you can have not have 
'complete security'.  People can turn it off, reboot it, reconfigure 
hardware, etc.  Either way, you're screwed.

If you want ultimate security, pull out all the plugs and lock the box 
up in a fireproof and airtight safe.  You are not going to make a 
machine completely secure any other way.

Thats my 5c.
Christopher Collins <chris@jcsmr.anu.edu.au>
Network Administrator, John Curtin School of Medical Research

Reply to: