we should set a grub password by default

Matthew Paul Thomas mpt at canonical.com
Wed May 16 04:40:39 UTC 2007

On May 16, 2007, at 10:33 AM, Phillip Susi wrote:
> Sven wrote:
>> Modifying hardware is very different quality of impact than just
>> pressing 2 keys to gain root access.
> It isn't any harder to insert a bootable cd.

So a bootable CD here is analogous to a skeleton key, but people still 
use locks.

I wonder if any of the people who make this sort of argument ever lock 
their screen, either manually or through their screensaver config. 
After all, what's the point of locking your screen when almost anyone 
who can see it has physical access to the computer anyway? ;-)

> ...
> If your children are smart enough to edit the grub boot options, they
> are smart enough to boot from a livecd.  Yes, having a grub password
> adds another barrier, and having a bios password adds yet another, but
> you have to remember that security is not either on or off.  It is not
> an absolute, and it is not binary.  Security is a spectrum of gray, and
> the conventional thinking is that the added security provided by a grub
> password is too little to be worth the increased headache to the vast
> majority of users.
> ...
> A gui grub configuration tool or an option to set a password in the
> installer would be a welcome feature -- just not setting some well 
> known password by default.
> ...

So how feasible it would be for grub to accept the passphrase of any 
admin user, rather than having its own? That would be weird in the 
sense that the admin accounts are Ubuntu-specific, whereas grub is in 
theory controlling access to multiple OSes. But it would save 
subjecting people to an extra step in the installer, and it would make 
the grub passphrase no longer a headache.

Matthew Paul Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20070516/d3ef8808/attachment.sig>

More information about the Ubuntu-devel-discuss mailing list