Re: Password-protect grub interactive commands (was: rationale of root access from boot)
On Nov 12, 2007 2:15 PM, Scott James Remnant [EMAIL PROTECTED] wrote: On Sat, 2007-11-10 at 14:06 +0800, Nicolas Deschildre wrote: [...] For the simplest installations, GRUB could perhaps read /etc/shadow and accept any user's password -- but that would be error-prone, open to exploit, and wouldn't support the kinds of installations you talk about later in this thread: corporate environments which often use centralised authentication. You're right, I overlooked that. And adding Jan Claeys' good remark on the keyboard layout, I'm now convinced that password protecting grub is not good by default. Thanks for your comments. This is EOT for me. Nicolas -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Password-protect grub interactive commands (was: rationale of root access from boot)
Nicolas Deschildre wrote the following on 11.11.2007 07:22 On 11/10/07, Thilo Six [EMAIL PROTECTED] wrote: Nicolas Deschildre wrote the following on 10.11.2007 07:06 -snip- Thanks for the pointer. But then, why not use this password feature by default to avoid anyone to edit boot parameter and become root? because it´s as easy as to plugin a LiveCD and overcome that. announce Ubuntu 8.04 == Hardware Requiments: * 256MB RAM * 2gig Harddisc space * a password protected BIOS * Manuel setup in boot sequenz, where CD comes last -snip- Well i am interessed how this would work out - could be a nice social experiment, don´t you think? Since Chris Warburton made it allready very clear i do not spend more time on this. EOT Thanks -- Thilo key: 0x4A411E09 -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Password-protect grub interactive commands (was: rationale of root access from boot)
Op zaterdag 10-11-2007 om 14:06 uur [tijdzone +0800], schreef Nicolas Deschildre: But then, why not use this password feature by default to avoid anyone to edit boot parameter and become root? In addition to what was mentioned already: GRUB only knows about plain us keyboards, while many/most users probably have localised keyboard layouts, causing problems to enter password correctly. Even worse, some characters that they have on their keyboard, and thus could be used in a password, are simply unavailable for entering while in GRUB... -- Jan Claeys -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Password-protect grub interactive commands (was: rationale of root access from boot)
Nicolas Deschildre wrote the following on 10.11.2007 07:06 -snip- Thanks for the pointer. But then, why not use this password feature by default to avoid anyone to edit boot parameter and become root? because it´s as easy as to plugin a LiveCD and overcome that. -- Thilo key: 0x4A411E09 -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Password-protect grub interactive commands (was: rationale of root access from boot)
On 11/10/07, Thilo Six [EMAIL PROTECTED] wrote: Nicolas Deschildre wrote the following on 10.11.2007 07:06 -snip- Thanks for the pointer. But then, why not use this password feature by default to avoid anyone to edit boot parameter and become root? because it´s as easy as to plugin a LiveCD and overcome that. What about password protected BIOS and CD drive as last boot option? - You open up the case, take the hardrive Ok you have a house, you know that thieves can bypass advanced alarm systems by using cutting-edge technology tools, so why bother, you just let the door unlocked? Come on! Of course if you are really willing to get this data, if you put in the ressources, you will eventually have the data. The point is, *don't make it too easy*. -- Thilo key: 0x4A411E09 -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Password-protect grub interactive commands (was: rationale of root access from boot)
On Nov 4, 2007 6:35 PM, Oystein Viggen [EMAIL PROTECTED] wrote: * [Nicolas Deschildre] My point was not about the parameter itself. My point was about the ability to edit the kernel parameters while booting. IIRC lilo won't allow you that. http://www.gnu.org/software/grub/manual/html_node/Security.html Thanks for the pointer. But then, why not use this password feature by default to avoid anyone to edit boot parameter and become root? Lilo has a similar password feature, but no distribution I've used had lilo passwords enabled by default. For rationale, it's just obnoxious when you finally need to boot to single user, and you get asked for a password that you haven't used since you installed the box. Øystein -- This message was generated by a flock of happy penguins. -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
