we should set a grub password by default
Phillip Susi
psusi at cfl.rr.com
Tue May 15 22:33:41 UTC 2007
Sven wrote:
> Modifying hardware is very different quality of impact than just
> pressing 2 keys to gain root access.
It isn't any harder to insert a bootable cd.
> Say i setup a pc in the childrens room, do i want my children to gain
> root access without a password?
If your children are smart enough to edit the grub boot options, they
are smart enough to boot from a livecd. Yes, having a grub password
adds another barrier, and having a bios password adds yet another, but
you have to remember that security is not either on or off. It is not
an absolute, and it is not binary. Security is a spectrum of gray, and
the conventional thinking is that the added security provided by a grub
password is too little to be worth the increased headache to the vast
majority of users.
> Say i setup 10 pcs in the public library, i dont think they want to
> steal those old heavy computers, but do i want anyone to gain root
> access without any problem?
> Compare it to windows, you can not gain root access during reboot,
> without a medium.
If you really want to harden your system, you are welcome to and have
the tools to do so, but publicly accessible terminals are not the main
audience that Ubuntu is targeted for, so those requirements will not
drive default policy.
> Your answer is, "the tools you need are there". My answer is, they are
> to difficult to use for most of your users.
> Matt bishops principles of secure programming includes beeing kind to
> your users, otherwise they will not use your security features.
>
> I am asking to include a wizard style installation feature to enable the
> feature in KISS principle for users.
A gui grub configuration tool or an option to set a password in the
installer would be a welcome feature -- just not setting some well known
password by default.
More information about the Ubuntu-devel-discuss
mailing list