we should set a grub password by default

Sven sven.lug-dorsten at gmx.de
Thu May 17 10:58:22 UTC 2007 

Am Donnerstag, den 17.05.2007, 11:03 +0100 schrieb Matthew Larsen:
> Hi all
> 
> I think putting a password by default on the grub booter just adds
> another level of unnecessary complexity for users. Enabling it by
> default you force people to learn another password which they then
> have to type in every time you boot etc etc.

That bias is simply not true. I explained it, Aurélien explained it, but
iam not getting tired :-)
You will not have to type any password to just start the computer.
You only have to type in a grub password for administrative jobs, like
temporary modifing kernel options or start the recovery mode.

>  I think a better option would be to allow the system admin to set a
> grub password during installation if need be.

Iam allready averted from the request of setting it by default. My
proposal is:
Making grub password an optional but easy to configure feature. The
setup of the grub password should assist people, inform them about the
additional step of bios-boot configuration, inform them about the
remaining risk of physical access.

br, Sven

> 
> Regards,
> 
> On 15/05/07, Sven <sven.lug-dorsten at gmx.de> wrote:
>         hello ubuntu developers!
>         
>         Jerome redirected me from my bug report #114838 to your
>         audience.
>         
>         In short terms: I propose that during grub setup/configuration
>         the grub
>         password in menu.lst is activated by default. Please let me
>         explain why. 
>         
>         With the actual Ubuntu default settings anyone can easily
>         gather
>         root-privileges by rebooting and pressing e to enter edit mode
>         in grub
>         and add a init=/bin/bash kernel option. He can go on and do
>         everything
>         then.
>         To establish a secure system with today's Ubuntu versions one
>         would have
>         to:
>         1) decide what requirements on protecting direct hardware
>         modifications
>         must to be established
>         2) set up the harddisk as the only boot-device, and protect
>         this BIOS 
>         setting with a password
>         3) set up a Grub password to prevent boot-option modifications
>         
>         #1 and #2 are totally out of the operating system's focus, but
>         #3 is
>         something I'd like to talk about.
>         
>         To prevent this unauthorized boot-modifications gaining
>         root-access,
>         grub contains a password command line in menu.lst including a
>         --md5
>         option. If we set this password and don't change anything
>         different in
>         menu.lst, the only thing that changes is: grub options can not
>         be
>         modified and Grub's command line can not be opened to do
>         different
>         things.
>         The Grub password can be be user defined during installation
>         or be a 
>         random generated password, choosing a empty password
>         deactivates Grub's
>         password option.
>         Then, assuming someone cared for #1 and #2, Grub's menu.lst
>         can only be
>         modified from the booted computer by an authenticated user. 
>         
>         I think this is a little change most Ubuntu users wont even
>         notice
>         because they just use the grub manager to boot from the menu
>         list, which
>         will continue to work flawlessly.
>         
>         I think this "bug" is critical, because its nearly as simple
>         as pressing 
>         a key during boot to gain root access. Most people i tell this
>         did not
>         know its so easy to compromise their linux system, which they
>         installed
>         because they thought its more secure than the "other os". Well
>         it could 
>         be.
>         
>         Additional my proposal, i've seen a bug report comlaining
>         about the
>         alternate installation's grub password setup. It exists but it
>         doesnt
>         use the md5 hash method of grub, but clear text. The password
>         is stored 
>         in menu.lst which is in 644 mode and everyone can read it.
>         
>         kind regards, Sven
>         
>         
>         --
>         Ubuntu-devel-discuss mailing list
>         Ubuntu-devel-discuss at lists.ubuntu.com
>         Modify settings or unsubscribe at:
>         https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>         
>         
> 
> 
> 
> -- 
> Matthew G Larsen
>    > mat.larsen at gmail.com
>    > +44(0)7739 785 249
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20070517/03ecfadb/attachment.sig>

More information about the Ubuntu-devel-discuss mailing list