Re: SECURITY PROBLEM: autofs [all versions]

To: Erik <journey@jps.net>
Cc: debian-devel@lists.debian.org
Subject: Re: SECURITY PROBLEM: autofs [all versions]
From: "Christopher W. Curtis" <ccurtis@aet-usa.com>
Date: Mon, 03 Jul 2000 14:29:35 -0400
Message-id: <[🔎] 3960DB8F.BB0D7227@aet-usa.com>
References: <395D40C7.576B8AC8@aet-usa.com> <Pine.LNX.3.96.1000630215055.25078A-100000@Maggie.Linux-Consulting.com> <[🔎] 20000701091141.A19485@jps.net>

Erik wrote:
> 
> On Fri, Jun 30, 2000 at 09:56:45PM -0700, Alvin Oga wrote:
> >
> > hi christopher...
> >
> > anytime someone has physical access to the machine...
> > you already have a security problem.... ( my definition )
> >
[...]

> That was the problem discussed with MBR awhile back, that it gave the
> option of booting from something else anyways, but that, like this is
> considered something the admin should be informed of, but not done
> for them(i guess this might get done).

Anything involved in the boot process should be able to handle security
problems of this nature.  If MBR does not handle security, it is flawed
by design, not by error.

Autofs has nothing to do with booting and is flawed by configuration. 
Changing one line will fix the problem for the floppy.  The entry for
/dev/hdd and /dev/cdrom should be changed similarly.  The proper way to
configure it is already documented: `grep floppy /etc/fstab` (unless I
changed it, but I don't think so).

Christopher

Reply to:

References:
- Re: SECURITY PROBLEM: autofs [all versions]
  - From: journey@jps.net (Erik)

Prev by Date: Re: SECURITY PROBLEM: autofs [all versions]
Next by Date: Re: Debian 2.2 Release.
Previous by thread: Re: SECURITY PROBLEM: autofs [all versions]
Next by thread: Re: SECURITY PROBLEM: autofs [all versions]
Index(es):
- Date
- Thread