we should set a grub password by default
Simon Lewis
simon.lewis at mnet-online.de
Wed May 16 07:18:39 UTC 2007
Sorry guys but I think this an over reaction...
If a network manager wants to restrict privileges for his network thats
OK, but don't trouble the average users with such problems
Simon
Sven schrieb:
> hello ubuntu developers!
>
> Jerome redirected me from my bug report #114838 to your audience.
>
> In short terms: I propose that during grub setup/configuration the grub
> password in menu.lst is activated by default. Please let me explain why.
>
> With the actual Ubuntu default settings anyone can easily gather
> root-privileges by rebooting and pressing e to enter edit mode in grub
> and add a init=/bin/bash kernel option. He can go on and do everything
> then.
> To establish a secure system with today's Ubuntu versions one would have
> to:
> 1) decide what requirements on protecting direct hardware modifications
> must to be established
> 2) set up the harddisk as the only boot-device, and protect this BIOS
> setting with a password
> 3) set up a Grub password to prevent boot-option modifications
>
> #1 and #2 are totally out of the operating system's focus, but #3 is
> something I'd like to talk about.
>
> To prevent this unauthorized boot-modifications gaining root-access,
> grub contains a password command line in menu.lst including a --md5
> option. If we set this password and don't change anything different in
> menu.lst, the only thing that changes is: grub options can not be
> modified and Grub's command line can not be opened to do different
> things.
> The Grub password can be be user defined during installation or be a
> random generated password, choosing a empty password deactivates Grub's
> password option.
> Then, assuming someone cared for #1 and #2, Grub's menu.lst can only be
> modified from the booted computer by an authenticated user.
>
> I think this is a little change most Ubuntu users wont even notice
> because they just use the grub manager to boot from the menu list, which
> will continue to work flawlessly.
>
> I think this "bug" is critical, because its nearly as simple as pressing
> a key during boot to gain root access. Most people i tell this did not
> know its so easy to compromise their linux system, which they installed
> because they thought its more secure than the "other os". Well it could
> be.
>
> Additional my proposal, i've seen a bug report comlaining about the
> alternate installation's grub password setup. It exists but it doesnt
> use the md5 hash method of grub, but clear text. The password is stored
> in menu.lst which is in 644 mode and everyone can read it.
>
> kind regards, Sven
>
>
More information about the Ubuntu-devel-discuss
mailing list