we should set a grub password by default
Matthew Paul Thomas
mpt at canonical.com
Wed May 16 04:40:39 UTC 2007
On May 16, 2007, at 10:33 AM, Phillip Susi wrote:
>
> Sven wrote:
>>
>> Modifying hardware is very different quality of impact than just
>> pressing 2 keys to gain root access.
>
> It isn't any harder to insert a bootable cd.
So a bootable CD here is analogous to a skeleton key, but people still
use locks.
I wonder if any of the people who make this sort of argument ever lock
their screen, either manually or through their screensaver config.
After all, what's the point of locking your screen when almost anyone
who can see it has physical access to the computer anyway? ;-)
> ...
> If your children are smart enough to edit the grub boot options, they
> are smart enough to boot from a livecd. Yes, having a grub password
> adds another barrier, and having a bios password adds yet another, but
> you have to remember that security is not either on or off. It is not
> an absolute, and it is not binary. Security is a spectrum of gray, and
> the conventional thinking is that the added security provided by a grub
> password is too little to be worth the increased headache to the vast
> majority of users.
> ...
> A gui grub configuration tool or an option to set a password in the
> installer would be a welcome feature -- just not setting some well
> known password by default.
> ...
So how feasible it would be for grub to accept the passphrase of any
admin user, rather than having its own? That would be weird in the
sense that the admin accounts are Ubuntu-specific, whereas grub is in
theory controlling access to multiple OSes. But it would save
subjecting people to an extra step in the installer, and it would make
the grub passphrase no longer a headache.
Cheers
--
Matthew Paul Thomas
http://mpt.net.nz/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20070516/d3ef8808/attachment.sig>
More information about the Ubuntu-devel-discuss
mailing list