Password-protect grub interactive commands

Nicolas Deschildre ndeschildre at gmail.com
Sun Nov 11 07:07:39 UTC 2007


On 11/11/07, Chris Warburton <chriswarbo at googlemail.com> wrote:
>
> On Sat, 2007-11-10 at 17:41 +0100, Thilo Six wrote:
> > Milan wrote the following on 10.11.2007 16:56
> >
> > <<-snip->>
> >
> > > All in all, I'd rather suggest to activate password-locked GRUB, but I
> > > understand this question is hard to decide. Does anybody see other
> > > agruments on both sides?
> >
> > against:
> > helping users on mailing lists or irc, with boot problems.
> >
> Exactly. In my opinion password protecting GRUB by default will cause
> headaches for a number of people,

True enough. If password protected GRUB was to be enabled, the
necessary actions/patches should be done so that the users passwords
can be used to unlock GRUB. (Currently only one password can be used
in GRUB).

> but it won't really make the system
> any more secure since physical access is gained by that point (thus
> allowing live media, removing the hard drive, etc.).

Gaining physical access doesn't always mean it's done. I mean, just
one use case I have in mind : at an office with BIOS protected
computers, lots of people passing by, I'd rather bet on a five minute
snoop than to bring my screwdriver and start to dismantle my boss
computer...
The point is, don't make it too easy.


> The only extra security measure I think is worth debating is full disk
> encryption. Such a thing would obviously be a nightmare for tech
> support, but since there are real security benefits I think it is worth
> considering and at least looking into. To me there is very little to be
> gained by password protecting GRUB though, so I'm against.
>
> Thanks,
> Chris
>
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>




More information about the Ubuntu-devel-discuss mailing list