[Bug 481613] Re: grub2 - cat - security - it becomes too easy without pwd-protected grub-shell
Felix Zielcke
fzielcke at z-51.de
Fri Nov 27 12:51:35 UTC 2009
Am Montag, den 16.11.2009, 15:01 +0000 schrieb Alexander Holler:
> If it's your business to circumvent filesystem security (by ignoring
> all
> rights and offering a possibility to show every file) it should be
> your
> business to warn people about that.
But it's not our business to circumvent filesystem security.
It's exactly the same situtian as with GRUB Legacy.
If you don't set a password (ok and superuser now with grub2) you can
just edit the menu entry to use init=/bin/bash.
The only difference between Legacy and 2 is that we also provide the cat
command in commandline.
But if you set a password to protect against init=/bin/bash you're also
protected against our cat command.
--
Felix Zielcke
Proud Debian Maintainer and GNU GRUB developer
--
grub2 - cat - security - it becomes too easy without pwd-protected grub-shell
https://bugs.launchpad.net/bugs/481613
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list