[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [POSSIBLE GRAVE SECURITY HOLD]

>>"Thomas" == Thomas Quinot <quinot@email.enst.fr> writes:

 Thomas> Le 2000-02-02, John Goerzen écrivait :
 >> Not at all.  Is not this already done in the docs for MBR?  I recall
 >> reading about it there...

 Thomas> There is no documentation whatsoever that, when a system is

        So whats /usr/doc/mbr/README? chopped liver? ;-)

 Thomas> installed with the default settings, then the installed MBR
 Thomas> will be the one from the package named "mbr".  There is no
 Thomas> documentation whatsoever in the installation procedure that
 Thomas> it will by default install an MBR that unconditionnally
 Thomas> allows booting from a floppy disc.

        The default is not havig a password in LILO, and the default
 always has been allwing floppy boots. In fact, that is indeed
 standard behavious, and the principle of least surprise says we do
 not change that. 

        If this is a problem, then indeed, the documentation should be
 highlighted in a Securing Debian document. 

        manoj
-- 
 if _FP_W_TYPE_SIZE < 64 error "Only stud muffins allowed, schmuck."
 endif linux/arch/sparc64/quad.c
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
Reply to: