we should set a grub password by default
Sven
sven.lug-dorsten at gmx.de
Tue May 15 17:23:41 UTC 2007
hello ubuntu developers!
Jerome redirected me from my bug report #114838 to your audience.
In short terms: I propose that during grub setup/configuration the grub
password in menu.lst is activated by default. Please let me explain why.
With the actual Ubuntu default settings anyone can easily gather
root-privileges by rebooting and pressing e to enter edit mode in grub
and add a init=/bin/bash kernel option. He can go on and do everything
then.
To establish a secure system with today's Ubuntu versions one would have
to:
1) decide what requirements on protecting direct hardware modifications
must to be established
2) set up the harddisk as the only boot-device, and protect this BIOS
setting with a password
3) set up a Grub password to prevent boot-option modifications
#1 and #2 are totally out of the operating system's focus, but #3 is
something I'd like to talk about.
To prevent this unauthorized boot-modifications gaining root-access,
grub contains a password command line in menu.lst including a --md5
option. If we set this password and don't change anything different in
menu.lst, the only thing that changes is: grub options can not be
modified and Grub's command line can not be opened to do different
things.
The Grub password can be be user defined during installation or be a
random generated password, choosing a empty password deactivates Grub's
password option.
Then, assuming someone cared for #1 and #2, Grub's menu.lst can only be
modified from the booted computer by an authenticated user.
I think this is a little change most Ubuntu users wont even notice
because they just use the grub manager to boot from the menu list, which
will continue to work flawlessly.
I think this "bug" is critical, because its nearly as simple as pressing
a key during boot to gain root access. Most people i tell this did not
know its so easy to compromise their linux system, which they installed
because they thought its more secure than the "other os". Well it could
be.
Additional my proposal, i've seen a bug report comlaining about the
alternate installation's grub password setup. It exists but it doesnt
use the md5 hash method of grub, but clear text. The password is stored
in menu.lst which is in 644 mode and everyone can read it.
kind regards, Sven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20070515/b83e4b62/attachment.sig>
More information about the Ubuntu-devel-discuss
mailing list