The debian-private mailing list leak, part 1. Volunteers have complained about Blackmail. Lynchings. Character assassination. Defamation. Cyberbullying. Volunteers who gave many years of their lives are picked out at random for cruel social experiments. The former DPL's girlfriend Molly de Blanc is given volunteers to experiment on for her crazy talks. These volunteers never consented to be used like lab rats. We don't either. debian-private can no longer be a safe space for the cabal. Let these monsters have nowhere to hide. Volunteers are not disposable. We stand with the victims.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Root vulnerabilities in Linux



> 3: Specify alternate root partition

Another way of doing this, is with mbr.

Since the default Debian setup is to have mbr installed, which then invokes 
lilo on the linux partition, this is something that Debian is vulnerable to.

>From /usr/doc/mbr/README.gz:

  When the MBR is first loaded it waits for a configurable length of
  time, monitoring the keyboard, for key presses. If the MBR detects a
  key press, it will interrupt the boot process, and display it's
  prompt.

...


  The boot prompt looks something like this:

  14FA:

  This is the list of valid keys which may be pressed. This means that
  partitions 1, and 4 can be booted, also the first floppy drive
  (F). The A means that 'advanced' mode may be entered, in which any
  partition may be booted. The prompt for this mode looks like this:

  1234F:

  The only other valid key which may be pressed is RETURN, which
  continues booting with the default partition.

--

So if mbr is installed, then booting from floppy is possible, even when the 
BIOS is configured to boot from the hard disk.

Cheers, Phil.



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-private-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .