
Re: non-trusted-console systems



Bruce Perens <bruce@debian.org> writes:

> From: John Goerzen <jgoerzen@cs.twsu.edu>
> > Problem 3: Specifying an alternate root partition
> > (Originally mentioned by Bruce Perens)
> 
> Consider the potential that someone could mount an NFS root, or one
> on a parallel-port ZIP drive or CD-writable if these drivers are in
> your kernel and root= is enabled.

ah yes, I hadn't thought of those.  The CD-R hits home for me since I
have one of them myself :-)

> How secure is the LILO password? Do you have to read-protect the
> block devices for the disk to prevent it from being read out?

Urmm, aren't they already read-protected?  It looks like they are mode
660, root.disk which looks good.  This means that anybody in group
disk can read anything on the disk, which has many other security
implications besides this one.

All we need to do is set /etc/lilo.conf mode 600, root.root.  That
will do it.

> You could put this all together into a non-trusted-console HOWTO.

Well, that's an idea.  I'll of course have to include the other stuff
that we have done like locking the cases, etc -- otherwise it would be
a "micro HOWTO" :-)

> You might also consider writing a script to set up non-trusted-console
> systems. 

Hmm, well since really all that has to be set is /etc/lilo.conf I'm
not sure if that's needed (or did you have something else in mind?)
Also, I'm not sure I want a script messing with my lilo.conf file anyway.

-- 
John Goerzen          | Running Debian GNU/Linux (www.debian.org)
Custom Programming    | Debian GNU/Linux is a free replacement for
jgoerzen@complete.org | DOS/Windows -- check it out at www.debian.org.
----------------------+----------------------------------------------
Notice: You may purchase the right to send me unsolicited commercial e-mail
("spam") for the fee of $500 (USD) per message.  Billing can be either
pre-arranged or can occur automatically after the reception of a spam.
Failure to pay will be treated in accordance to US Code, title 47, sec. 227,
which allows unsolicited e-mail to be punishable by action to recover actual
monetary loss or $500, whichever is greater, per violation.  Sending spam
to me without payment constitutes unauthorized access to my mail daemon,
which is in violation of federal law.
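
The two permission points raised in this message (/etc/lilo.conf at mode 600 root.root, and group disk being able to read the raw devices) can be checked with a short audit script. This is an added example, not part of the original e-mail; it assumes GNU stat as shipped on Debian, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat, as on Debian.
# Function names are hypothetical.

# check_lilo_conf FILE [UID:GID]
# Returns 0 = fine, 1 = boot password exposed, 2 = file missing.
check_lilo_conf() {
    conf=$1
    want=${2:-0:0}                      # root.root as numeric uid:gid
    [ -f "$conf" ] || { echo "missing: $conf"; return 2; }
    # Without a password= line there is no secret in the file to protect.
    if ! grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf"; then
        echo "ok: no password= line in $conf"
        return 0
    fi
    mode=$(stat -c '%a' "$conf")
    owner=$(stat -c '%u:%g' "$conf")
    rc=0
    # Any group or other bit (mask 077) exposes the password to non-owners.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $conf is mode $mode, want 600"
        rc=1
    fi
    if [ "$owner" != "$want" ]; then
        echo "FAIL: $conf is owned by $owner, want $want"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok: $conf is mode $mode, owner $owner"
    return "$rc"
}

# disk_group_members [GROUPFILE]
# Prints the supplementary members of group "disk". The device nodes are
# mode 660 root.disk, so these accounts can read the raw disk, lilo.conf
# included, whatever the file's own mode is.
disk_group_members() {
    awk -F: '$1 == "disk" && $4 != "" { print $4 }' "${1:-/etc/group}"
}

# Run the audit against the live system only when asked to.
if [ "${1:-}" = "--audit" ]; then
    check_lilo_conf /etc/lilo.conf
    echo "group disk members: $(disk_group_members)"
fi
```

An empty member list from `disk_group_members` does not cover accounts whose primary group is disk; those appear in /etc/passwd, not in the group file's member field.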

