we should set a grub password by default

Sven sven.lug-dorsten at gmx.de
Wed May 16 00:46:39 UTC 2007 

Thank you Wiliam and Philip for the answers.

Am Dienstag, den 15.05.2007, 18:33 -0400 schrieb Phillip Susi:
> Sven wrote:
> > Modifying hardware is very different quality of impact than just
> > pressing 2 keys to gain root access.
> 
> It isn't any harder to insert a bootable cd.
> 
> > Say i setup a pc in the childrens room, do i want my children to gain
> > root access without a password?
> 
> If your children are smart enough to edit the grub boot options, they 
> are smart enough to boot from a livecd.  Yes, having a grub password 
> adds another barrier, and having a bios password adds yet another, but

I consider a system thats configured to only boot from hard disc, while
the BIOS password is activated and grub password is activated as very
secure.
You would have to open the case or do priviledge rights escalation
attacs to gain root access. This is a barrier to root access i can live
with. Others can not, others dont even care.

> you have to remember that security is not either on or off.  It is not 
> an absolute, and it is not binary.  Security is a spectrum of gray, and 
> the conventional thinking is that the added security provided by a grub 
> password is too little to be worth the increased headache to the vast 
> majority of users.

This just reminds me of the escape key skipping the password fields in
windows 9x. Not to forget the reason why most Windows XP users have
administrator privileges, its to much headache to the vast majority.

> > Say i setup 10 pcs in the public library, i dont think they want to
> > steal those old heavy computers, but do i want anyone to gain root
> > access without any problem?
> > Compare it to windows, you can not gain root access during reboot,
> > without a medium.
> 
> If you really want to harden your system, you are welcome to and have 
> the tools to do so, but publicly accessible terminals are not the main 
> audience that Ubuntu is targeted for, so those requirements will not 
> drive default policy.

I think i start with writing a "howto not give away root access for
free", free as in free beer :-)

> > Your answer is, "the tools you need are there". My answer is, they are
> > to difficult to use for most of your users. 
> > Matt bishops principles of secure programming includes beeing kind to
> > your users, otherwise they will not use your security features.
> > 
> > I am asking to include a wizard style installation feature to enable the
> > feature in KISS principle for users.
> 
> A gui grub configuration tool or an option to set a password in the 
> installer would be a welcome feature -- just not setting some well known 
> password by default.

thats a word!

Sven

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20070516/42500a3f/attachment.sig>

More information about the Ubuntu-devel-discuss mailing list