we should set a grub password by default
Joseph Price
pricechild at ubuntu.com
Tue May 15 17:31:21 UTC 2007
On 15/05/07, Sven <sven.lug-dorsten at gmx.de> wrote:
> hello ubuntu developers!
>
> Jerome redirected me from my bug report #114838 to your audience.
>
> In short terms: I propose that during grub setup/configuration the grub
> password in menu.lst is activated by default. Please let me explain why.
>
> With the actual Ubuntu default settings anyone can easily gather
> root-privileges by rebooting and pressing e to enter edit mode in grub
> and add a init=/bin/bash kernel option. He can go on and do everything
> then.
> To establish a secure system with today's Ubuntu versions one would have
> to:
> 1) decide what requirements on protecting direct hardware modifications
> must to be established
> 2) set up the harddisk as the only boot-device, and protect this BIOS
> setting with a password
> 3) set up a Grub password to prevent boot-option modifications
>
> #1 and #2 are totally out of the operating system's focus, but #3 is
> something I'd like to talk about.
>
> To prevent this unauthorized boot-modifications gaining root-access,
> grub contains a password command line in menu.lst including a --md5
> option. If we set this password and don't change anything different in
> menu.lst, the only thing that changes is: grub options can not be
> modified and Grub's command line can not be opened to do different
> things.
> The Grub password can be be user defined during installation or be a
> random generated password, choosing a empty password deactivates Grub's
> password option.
> Then, assuming someone cared for #1 and #2, Grub's menu.lst can only be
> modified from the booted computer by an authenticated user.
>
> I think this is a little change most Ubuntu users wont even notice
> because they just use the grub manager to boot from the menu list, which
> will continue to work flawlessly.
>
> I think this "bug" is critical, because its nearly as simple as pressing
> a key during boot to gain root access. Most people i tell this did not
> know its so easy to compromise their linux system, which they installed
> because they thought its more secure than the "other os". Well it could
> be.
>
> Additional my proposal, i've seen a bug report comlaining about the
> alternate installation's grub password setup. It exists but it doesnt
> use the md5 hash method of grub, but clear text. The password is stored
> in menu.lst which is in 644 mode and everyone can read it.
>
> kind regards, Sven
>
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
>
>
If someone has physical access to your machine then there's little
more that you can do IMO. If they want to find something on it, they
will. They could pop in a Live CD, or just take the hard drive etc. If
you're worried about this then encrypt your discs.
Pricey
More information about the Ubuntu-devel-discuss
mailing list