On Wed, Feb 10, 2010 at 05:42:22PM -0500, Joey Hess wrote:
> > Good question. I've been trying to dig out the history and it doesn't
> > seem especially clear even to me. I think I must have reasoned that (a)
> > using $tmpmnt wasn't significantly worse than using /target (I hadn't
> > thought of
On Wednesday 10 February 2010, Colin Watson wrote:
> Frankly, every time I've tried to add a feature to d-i of late that
> involved using some non-trivial amount of extra space, I've had to wade
> through so many objections about breaking floppy support or old
> architectures that I simply gave up.
> Good question. I've been trying to dig out the history and it doesn't
> seem especially clear even to me. I think I must have reasoned that (a)
> using $tmpmnt wasn't significantly worse than using /target (I hadn't
> thought of the security risk)
Speaking of the security risk, AFAICS via ligh
On Wed, Feb 10, 2010 at 04:01:00PM -0500, Joey Hess wrote:
> To mount a /boot partition, os-prober uses the mount binary from the
> linux system it is probing. There's a possible security risk here.
> Imagine if a compromised system is being reinstalled using a new drive,
> and the compromised driv
Package: os-prober
Severity: normal
Tags: security
To mount a /boot partition, os-prober uses the mount binary from the
linux system it is probing. There's a possible security risk here.
Imagine if a compromised system is being reinstalled using a new drive,
and the compromised drive is still conn
5 matches
Mail list logo
