URL: <https://savannah.gnu.org/bugs/?66523>
Summary: Locking kernel options
Group: GNU GRUB
Submitter: es20490446e
Submitted: Tue 03 Dec 2024 05:09:13 PM UTC
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: Feature Request
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: Git master
Release:
Reproducibility: Every Time
Planned Release: None
_______________________________________________________
Follow-up Comments:
-------------------------------------------------------
Date: Tue 03 Dec 2024 05:09:13 PM UTC By: Alberto Salvia Novella <es20490446e>
If you enter the grub menu, and edit the kernel options, you can set
"init=/bin/sh" to automatically log in as superuser without a password.
Doesn't this create a false sense of security for most users, if they have
already set a password on the login screen?
Won't most users have their system unsecured, without them knowing it?
Isn't it important to have editing kernel options, and grub console, locked by
default, or at least having an option on "/etc/default/grub" for doing this
automatically?
Related:
https://gitlab.com/es20490446e/grub-smart/-/blob/main/root/etc/default/grub-smart/default?ref_type=heads#L102
_______________________________________________________
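An added example, not part of the original report or of GRUB's code: a small audit that reads the text of a generated grub.cfg and reports whether menu editing and the console are restricted. It relies on GRUB's documented `superusers` variable and `password` / `password_pbkdf2` commands; the sample configurations, the user name and the placeholder hash are constructed, and the "locked" criterion is this example's own conservative assumption.

```python
import re

# Constructed sample: a grub.cfg fragment with access control configured.
# The hash is a placeholder, not real grub-mkpasswd-pbkdf2 output.
LOCKED_CFG = '''
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry "Linux" --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro quiet
}
'''

# Constructed sample: no superusers, so anyone at the menu can edit entries.
OPEN_CFG = '''
menuentry "Linux" {
    linux /vmlinuz root=/dev/sda1 ro quiet
}
'''

SUPERUSERS_RE = re.compile(r'^set\s+superusers=(.*)$')
PASSWORD_RE = re.compile(r'^(password_pbkdf2|password)\s+(\S+)\s+\S+')

def audit_grub_cfg(text):
    """Report whether a grub.cfg restricts menu editing and the console."""
    superusers, passwords = [], {}
    for raw in text.splitlines():
        line = raw.strip()  # comment lines match neither pattern below
        m = SUPERUSERS_RE.match(line)
        if m:
            value = m.group(1).strip().strip('"\'')
            # GRUB accepts space , ; | & as separators in this list.
            superusers = [u for u in re.split(r'[\s,;|&]+', value) if u]
        m = PASSWORD_RE.match(line)
        if m:
            passwords[m.group(2)] = m.group(1)
    missing = [u for u in superusers if u not in passwords]
    plaintext = sorted(u for u, kind in passwords.items() if kind == 'password')
    return {
        'superusers': superusers,
        'missing_password': missing,      # superusers with no password line
        'plaintext_password': plaintext,  # users defined with clear-text `password`
        # Assumed criterion: a superuser is named and each one has a password.
        'editing_locked': bool(superusers) and not missing,
    }

if __name__ == '__main__':
    for name, cfg in (('locked', LOCKED_CFG), ('open', OPEN_CFG)):
        print(name, audit_grub_cfg(cfg))
```

An entry marked `--unrestricted` can still be booted by anyone, but with `superusers` set, editing its kernel line or opening the console requires a superuser login.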
