
Re: [POSSIBLE GRAVE SECURITY HOLD]



>>"Samuel" == Samuel Tardieu <sam@debian.org> writes:

 Samuel> Since apparently several Debian developers disagree on
 Samuel> whether this issue is critical or not, I'd like to get input
 Samuel> from other developers.

 Samuel>   [1] The default Debian installation installs a MBR in your
 Samuel>       disk's MBR and installs lilo on your / partition.

 Samuel>   [2] Even if you set up your BIOS so that users can't boot
 Samuel>       from floppy disk and if you secure lilo with a
 Samuel>       password, your system can still be booted from a
 Samuel>       floppy:

        Huh? The default system does not prevent booting from a
 floppy; you have configured your bios and lilo. Why in god's name did
 you stop there, and not secure the MBR yourself? 

 Samuel>          - press shift at boot time, and Debian's MBR will
 Samuel>            give you a prompt
 Samuel>            1FA:
 Samuel>          - then press F, and your system will boot from
 Samuel>            floppy disk, and you will get full root access to
 Samuel>            the hard disk

        Yup. Great feature. Has saved my skin a couple of times. 

 Samuel> The point here is that:

 Samuel>   [1] An option exists to install MBR without giving access
 Samuel>       to the floppy, thus closing entirely this security hole

        This is not a security hole, any more than not having a
  password in the default LILO config is. Most installations are not
  secured against not having physical security, and we should cater to
  the most common case.

        Any site that requires full protection against potentially
 hostile users is supposed to have sys admins who have a clue. So, we
 should just document the MBR, and let the clueful sysadmins do their
 job, and not make life harder for most installations. 

 Samuel>   [2] No warning is given at all during the installation that this MBR
 Samuel>       has extra features

        No warning is given during installs that LILO does not have a
 password. I say add the MBR issue to the Security howto, and move on.


 Samuel> Given that some of us (maybe all, this is not a flame, just a
 Samuel> disagreement) do believe that this is an unacceptable security
 Samuel> issue for Debian, I would like to get developers' opinion on
 Samuel> this.

        Sure. This is yet another case which is not secure enough in
 some arcane situations. For the super paranoid, you have to configure
 the stock Debian. What's wrong with that?


 Samuel> Not fixing this in Potato and not issuing an advisory and a
 Samuel> replacement mbr package for past distributions makes Debian a
 Samuel> very weak distribution.

        Fine. We like our weak distribution. Are you happy? Security
 and ease of use have their compromises. Obviously, Debian's compromise
 does not please you. But I, for one, belong to a group who find the
 status quo eminently satisfactory, and indeed, more to be desired for
 the common user than your high security set up.

        Leave the MBR alone.


        manoj
-- 
 Lewis's Law of Travel: The first piece of luggage out of the chute
 doesn't belong to anyone, ever.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

