we should set a grub password by default

[Phillip Susi]

Sven wrote:
> Modifying hardware is very different quality of impact than just
> pressing 2 keys to gain root access.

It isn't any harder to insert a bootable cd.

> Say i setup a pc in the childrens room, do i want my children to gain
> root access without a password?

If your children are smart enough to edit the grub boot options, they 
are smart enough to boot from a livecd.  Yes, having a grub password 
adds another barrier, and having a bios password adds yet another, but 
you have to remember that security is not either on or off.  It is not 
an absolute, and it is not binary.  Security is a spectrum of gray, and 
the conventional thinking is that the added security provided by a grub 
password is too little to be worth the increased headache to the vast 
majority of users.

> Say i setup 10 pcs in the public library, i dont think they want to
> steal those old heavy computers, but do i want anyone to gain root
> access without any problem?
> Compare it to windows, you can not gain root access during reboot,
> without a medium.

If you really want to harden your system, you are welcome to and have 
the tools to do so, but publicly accessible terminals are not the main 
audience that Ubuntu is targeted for, so those requirements will not 
drive default policy.

> Your answer is, "the tools you need are there". My answer is, they are
> to difficult to use for most of your users. 
> Matt bishops principles of secure programming includes beeing kind to
> your users, otherwise they will not use your security features.
> 
> I am asking to include a wizard style installation feature to enable the
> feature in KISS principle for users.

A gui grub configuration tool or an option to set a password in the 
installer would be a welcome feature -- just not setting some well known 
password by default.