Am Donnerstag, den 17.05.2007, 11:03 +0100 schrieb Matthew Larsen: > Hi all > > I think putting a password by default on the grub booter just adds > another level of unnecessary complexity for users. Enabling it by > default you force people to learn another password which they then > have to type in every time you boot etc etc.
That bias is simply not true. I explained it, Aurélien explained it, but iam not getting tired :-) You will not have to type any password to just start the computer. You only have to type in a grub password for administrative jobs, like temporary modifing kernel options or start the recovery mode. > I think a better option would be to allow the system admin to set a > grub password during installation if need be. Iam allready averted from the request of setting it by default. My proposal is: Making grub password an optional but easy to configure feature. The setup of the grub password should assist people, inform them about the additional step of bios-boot configuration, inform them about the remaining risk of physical access. br, Sven > > Regards, > > On 15/05/07, Sven <[EMAIL PROTECTED]> wrote: > hello ubuntu developers! > > Jerome redirected me from my bug report #114838 to your > audience. > > In short terms: I propose that during grub setup/configuration > the grub > password in menu.lst is activated by default. Please let me > explain why. > > With the actual Ubuntu default settings anyone can easily > gather > root-privileges by rebooting and pressing e to enter edit mode > in grub > and add a init=/bin/bash kernel option. He can go on and do > everything > then. > To establish a secure system with today's Ubuntu versions one > would have > to: > 1) decide what requirements on protecting direct hardware > modifications > must to be established > 2) set up the harddisk as the only boot-device, and protect > this BIOS > setting with a password > 3) set up a Grub password to prevent boot-option modifications > > #1 and #2 are totally out of the operating system's focus, but > #3 is > something I'd like to talk about. > > To prevent this unauthorized boot-modifications gaining > root-access, > grub contains a password command line in menu.lst including a > --md5 > option. If we set this password and don't change anything > different in > menu.lst, the only thing that changes is: grub options can not > be > modified and Grub's command line can not be opened to do > different > things. > The Grub password can be be user defined during installation > or be a > random generated password, choosing a empty password > deactivates Grub's > password option. > Then, assuming someone cared for #1 and #2, Grub's menu.lst > can only be > modified from the booted computer by an authenticated user. > > I think this is a little change most Ubuntu users wont even > notice > because they just use the grub manager to boot from the menu > list, which > will continue to work flawlessly. > > I think this "bug" is critical, because its nearly as simple > as pressing > a key during boot to gain root access. Most people i tell this > did not > know its so easy to compromise their linux system, which they > installed > because they thought its more secure than the "other os". Well > it could > be. > > Additional my proposal, i've seen a bug report comlaining > about the > alternate installation's grub password setup. It exists but it > doesnt > use the md5 hash method of grub, but clear text. The password > is stored > in menu.lst which is in 644 mode and everyone can read it. > > kind regards, Sven > > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss > > > > > > -- > Matthew G Larsen > > [EMAIL PROTECTED] > > +44(0)7739 785 249
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
-- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss