Re: [POSSIBLE GRAVE SECURITY HOLD]
On Wed, 2 Feb 2000, David Starner wrote:
> I don't think anyone's really arguing against this, it's more an argument
> that the feature shouldn't be removed because it can be abused in a rare
Who says to remove it completely? Just don't force it on users...
> set of circumstances. And that wouldn't help - who really tries to read
> all the messages at a full Debian installation?
Me! ;) At least anything it gives me time to look at by pausing, anyway.
> Nonsense. Too much security can get in the way of doing what you need
> to do. If someone comes up to my computer, they can just take the hard
> drive or sit down to a logged in console - why fight stuff every time
> you reboot for imaginary console security?
We're talking about reasonable security here. There is NO such thing as a
secure system. Maybe if you remove all network connectivity, the floppy
drive, cdrom, cast it into ten cubic meters of concrete and
drop it into that smouldering Chernobyl reactor core; but even then I have
my doubts. ;)
Since most people probably never used (and never will use) the alternate
boot features of the mbr, why not let them choose a "secure" mbr instead at
install time? It'd make sysadmins happy, it'd show we care, it'd be good
for our karma by increasing the overall quality of debian, and it'd save
some poor souls somewhere some sleepless nights. ;)
And it wouldn't inconvenience people either; I hear no-one complaining
about the pcmcia packages which get installed by default last time I
checked, and you get asked "do you want to remove it?" every time you
install a desktop pc.
> "You want an extremely specialized setup, and you're demanding that
> something only useful on that setup be default? Here's the Fucking
> Manual - you can set up your systems that way if you like."
I don't think it is as specialized as you suggest. There are a lot of
public sites using Linux, especially uni's, and it's growing as Linux
seems to very slowly conquer some of MS market share. Of course in an
ideal world, they'd all run Debian, and that means each and every one of
them is in for a rude going over by some smart student who reads the
debian-devel archives ;-)