we should set a grub password by default

Matthew Larsen mat.larsen at gmail.com
Thu May 17 10:03:58 UTC 2007

Hi all

I think putting a password by default on the grub booter just adds another
level of unnecessary complexity for users. Enabling it by default you force
people to learn another password which they then have to type in every time
you boot etc etc. I think a better option would be to allow the system admin
to set a grub password during installation if need be.


On 15/05/07, Sven <sven.lug-dorsten at gmx.de> wrote:
> hello ubuntu developers!
> Jerome redirected me from my bug report #114838 to your audience.
> In short terms: I propose that during grub setup/configuration the grub
> password in menu.lst is activated by default. Please let me explain why.
> With the actual Ubuntu default settings anyone can easily gather
> root-privileges by rebooting and pressing e to enter edit mode in grub
> and add a init=/bin/bash kernel option. He can go on and do everything
> then.
> To establish a secure system with today's Ubuntu versions one would have
> to:
> 1) decide what requirements on protecting direct hardware modifications
> must to be established
> 2) set up the harddisk as the only boot-device, and protect this BIOS
> setting with a password
> 3) set up a Grub password to prevent boot-option modifications
> #1 and #2 are totally out of the operating system's focus, but #3 is
> something I'd like to talk about.
> To prevent this unauthorized boot-modifications gaining root-access,
> grub contains a password command line in menu.lst including a --md5
> option. If we set this password and don't change anything different in
> menu.lst, the only thing that changes is: grub options can not be
> modified and Grub's command line can not be opened to do different
> things.
> The Grub password can be be user defined during installation or be a
> random generated password, choosing a empty password deactivates Grub's
> password option.
> Then, assuming someone cared for #1 and #2, Grub's menu.lst can only be
> modified from the booted computer by an authenticated user.
> I think this is a little change most Ubuntu users wont even notice
> because they just use the grub manager to boot from the menu list, which
> will continue to work flawlessly.
> I think this "bug" is critical, because its nearly as simple as pressing
> a key during boot to gain root access. Most people i tell this did not
> know its so easy to compromise their linux system, which they installed
> because they thought its more secure than the "other os". Well it could
> be.
> Additional my proposal, i've seen a bug report comlaining about the
> alternate installation's grub password setup. It exists but it doesnt
> use the md5 hash method of grub, but clear text. The password is stored
> in menu.lst which is in 644 mode and everyone can read it.
> kind regards, Sven
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

Matthew G Larsen
   > mat.larsen at gmail.com
   > +44(0)7739 785 249
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20070517/dfded94a/attachment.html>

More information about the Ubuntu-devel-discuss mailing list