we should set a grub password by default

Aurélien Naldi aurelien.naldi at gmail.com
Wed May 16 13:02:00 BST 2007


I know this discussion is getting insanely long, but I will add to it anyway...
I overall agree that
* getting a root shell is _way_ too easy in the default setup
* prompting the user for a grub password adds one technical question,
normal end-users don't care about this
* just putting the first user's password into the grub config seems insane

> Is is so hard to just run:
> "sudo passwd root"
> after the fisrt boot, while configuring everything else??
> I do it all the time, and after this simple step, I dont have even to
> bother about a password on grub.

Setting a password to the root user will indeed protect the "single
user" boot mode (available with two extra key press at boot time). But
it does not protect at all from relatively easy boot tricks, like
adding "init=/bin/sh" to the boot options. Besides this, a weak root
passwor would make your system easier to crack, while it is running, a
weak grub password seems less dangerous to me.

As it was said already, the only protection against this is grub
password + bios password (and then, the offender can still open the
box anyway, but this is enough for many use case)

Anyway, getting a "reasonable" security level requires some
intervention (for the BIOS password), so adding an easy way to setup a
grub password would be nice.
It would also be nice to add a warning message about this at the end
of the install, and/or an option in the "advanced" grub setup, but
asking such a technical question during the install process does not
look nice to me.

A tool to set a grub password should:
* set the password
* check/change the permissions on the menu.lst file
* add "lock" where needed

This could probably be done using a debconf question, so running
"dpkg-reconfigure grub" and give the password when asked would do the

Aurélien Naldi

More information about the Ubuntu-devel-discuss mailing list