The debian-private mailing list leak, part 1.


Re: Getting root on Linux



Philip Hands <phil@hands.com> writes:

> > A better solution would be to let the postinst ask if restricted&password
> > are needed then ask for a password. And check if the password is entered
> > correctly and not empty!
> 
> This is all pretty redundant unless you remove the floppy drive.  Especially 
> since by default mbr allows you to boot from floppy, even if you set the bios 
> to boot from the hard disk.

In the situation here, this is a given :-)

Yes, the BIOS on these computers has an option to disable floppy boot
ability.  This ability has been disabled and the BIOS has been
password protected and the case has been padlocked shut, so there is
no way they can boot from the floppy.

(though what is this about the MBR letting them boot from the floppy??)

> 
> I don't want to see any postinst questions that are not absolutely necessary, 
> and since I would guess that the vast majority of our users install mbr and 
> don't remove the floppy, this seems to be a counter productive question to 
> have in a postinst.

I'd suggest an option at install time.  Having known ways to get root
just by spending a couple of minutes at the keyboard is not good.
Somebody could walk out of their office or something -- it is not just
when operating public machines like in labs that this could be an issue.

-- 
John Goerzen          | Running Debian GNU/Linux (www.debian.org)
Custom Programming    | Debian GNU/Linux is a free replacement for
jgoerzen@complete.org | DOS/Windows -- check it out at www.debian.org.
----------------------+----------------------------------------------
Notice: You may purchase the right to send me unsolicited commercial e-mail
("spam") for the fee of $500 (USD) per message.  Billing can be either
pre-arranged or can occur automatically after the reception of a spam.
Failure to pay will be treated in accordance to US Code, title 47, sec. 227,
which allows unsolicited e-mail to be punishable by action to recover actual
monetary loss or $500, whichever is greater, per violation.  Sending spam
to me without payment constitutes unauthorized access to my mail daemon,
which is in violation of federal law.
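
The check proposed in the quoted text (a boot password that is actually set and not empty, optionally with `restricted`), written as an audit of an existing lilo.conf. This is an added example, not code from the thread or from the Debian lilo package; the function names, the pass/fail policy and the sample file are assumptions. It inspects configuration only and says nothing about the floppy boot path raised in the reply.

```shell
#!/bin/sh
# Added example, not from the thread. The pass/fail policy is an assumption.

# Audit a lilo.conf-style file; print findings, return 0 if clean, 1 if not.
audit_lilo_conf() {
    conf=$1
    rc=0
    pw_re='^[[:space:]]*password[[:space:]]*='
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    if ! grep -Eq "$pw_re" "$conf"; then
        echo "FAIL: no password= line, boot parameters are accepted unchallenged"
        rc=1
    elif sed -n "s/${pw_re}[[:space:]]*//p" "$conf" | grep -Eq '^("")?[[:space:]]*$'; then
        echo "FAIL: a password= line has an empty value"
        rc=1
    elif grep -Eq '^[[:space:]]*restricted[[:space:]]*(#.*)?$' "$conf"; then
        echo "OK: password set, asked only when boot parameters are typed"
    else
        echo "OK: password set, asked on every boot (no restricted keyword)"
    fi

    # lilo.conf keeps the password in clear text, so only its owner may read it.
    perms=$(ls -ld "$conf" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: group/other permissions on $conf are '$perms', expected none"
        rc=1
    fi
    return $rc
}

# Constructed sample (not from the page): password set, restricted, mode 600.
demo() {
    f=$(mktemp) && chmod 600 "$f"
    printf 'boot=/dev/hda\npassword=example-only\nrestricted\nimage=/vmlinuz\n' > "$f"
    audit_lilo_conf "$f"; s=$?
    rm -f "$f"; return $s
}
demo
```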

