Re: Bug#56821: [POSSIBLE GRAVE SECURITY HOLD]
[ Can we confine this to `debian-boot'? ]
>>>>> "John" == John Goerzen <email@example.com> writes:
John> Daniel Burrows <Daniel_Burrows@brown.edu> writes:
>> It's been a while since I installed my Debian system, but I only remember it
>> asking whether LILO should go on the MBR -- it didn't explain what it was doing
>> in the non-MBR case (I assumed it just flagged the LILO partition as bootable
>> and let the DOS MBR handle it, which sounds dumb now, but there you are :) )
John> Likewise for me, but as I recall the question was whether or not it
John> should install mbr there, not whether or not it should put lilo there.
We probably _ought_ to offer Lilo in the MBR as an option. Getting
that done for Potato may or may not be doable... (I trail off into
ellipses because I have yet to read the sources to `dbootstrap'
myself.) Perhaps just adding commented off lines with explanations
and doc references to the installed `lilo.conf' would suffice? Then
we could message about it during install (unless quiet option), and
be done with it. The system admin could then remove a few sharp's
from `lilo.conf' and re-run lilo, to have the "secure" settings that
perhaps overwrite the MBR with lilo's boot.b, and define a boot
password for restricted images.
I think that `lilo.conf' ought to be installed `root.root
u=rw,g=r,o=' also, so that if there is a password defined, it is not
readable by non-root users.
It may very well be that when Woody becomes a release canidate, that
Lilo will not be used, and that Grub will be our boot loader.
It seems to me that we ought to stick with something not far from the
current configuration for Potato, so we can get it out the door, and
plan the bigger changes for the Woody release.
Is everyone satisfied that the boot can be secured now, with the
`--interrupt n' and a password/restrict setup in `lilo.conf', coupled
with BIOS passwords?