Re: [POSSIBLE GRAVE SECURITY HOLD]
On Wed, Feb 02, 2000 at 09:10:43PM -0600, Manoj Srivastava wrote:
> >>"Thierry" == Thierry Laronde <thierry.laronde@polynum.com> writes:
>
> Thierry> "refuse to read the documentation"!
>
> Thierry> REFUSE TO READ THE DOCUMENTATION !!!
>
> Thierry> An administrator has to guess what the Debian's MBR does ? Has to guess
> Thierry> that the Debian's MBR has extra features ? Ah, OK : "read" like
> Thierry> "read in mind"...
>
> Only if he is an idiot. The docs are there in /usr/doc/mbr/.
Maurice Merleau-Ponty has said : "You can't find anything if you don't
know already what you are looking for".
If I install LILO, then I read LILO documentation. But this is not _the_
MBR, this is _a_ MBR : how can someone guess that this one is special ?
How can someone guess that reading LILO is not sufficient, and that the
documentation about the Debian's MBR is not redundant ?
*I* don't want the default to be changed because I just *discovered* that
the Debian's MBR can be absolutely useful. The "crime" here, is not letting
every body know that :
- The MBR is special and powerful;
- and thus, must be configured in order to achieve security.
So a two lines warning about the special MBR and with a pointer to the doc
would be enough.
--
Thierry LARONDE <thierry.laronde@polynum.com>
website : http://www.polynum.com
/home du SDF (Site Debian Francophone) : http://www.polynum.com/debian
Reply to: