Password-protect grub interactive commands

unggnu unggnu at googlemail.com
Mon Nov 12 16:18:19 UTC 2007 

Chris Warburton wrote:
> On Sat, 2007-11-10 at 17:41 +0100, Thilo Six wrote:
>> Milan wrote the following on 10.11.2007 16:56
>>
>> <<-snip->>
>>
>>> All in all, I'd rather suggest to activate password-locked GRUB, but I
>>> understand this question is hard to decide. Does anybody see other
>>> agruments on both sides?
>> against:
>> helping users on mailing lists or irc, with boot problems.
>>
> Exactly. In my opinion password protecting GRUB by default will cause
> headaches for a number of people, but it won't really make the system
> any more secure since physical access is gained by that point (thus
> allowing live media, removing the hard drive, etc.).
> 
> The only extra security measure I think is worth debating is full disk
> encryption. Such a thing would obviously be a nightmare for tech
> support, but since there are real security benefits I think it is worth
> considering and at least looking into. To me there is very little to be
> gained by password protecting GRUB though, so I'm against.
> 
> Thanks,
> Chris
> 
> 

I understand both opinions since there is a need for security and for
usability but I think there is another option than a grub password.

Ubuntu handles it similar to Windows XP Home which doesn't ask for a
administrator password during installation (XP Pro asks) so it was
always possible to use F8 to boot to recovery mode and login without a
password and to reset the user password. So it is not possible without
some knowledge to gain basic security.

Imagine Ubuntu is installed on PCs in sales area of a big store.
  A customer can just reboot the PC, choose recovery and that's it. He
can make everything. Even if home is encrypted he is still able to
install a kernel module or a back door program which logs the password.
OK, a administrator should know how to protect Ubuntu but basic security
is important I think.
The standard configuration of the PCs in stores I know is Windows
2000/XP Pro., only boot on hard disk and Bios password. This would
protect a standard Windows Pro installation but not an Ubuntu one.
Of course you could remove the battery but you need a screwdriver and
many professional PCs have a lock and/or intrusion detection (make
noises after next boot).

I like the way Ubuntu handles root that always sudo is needed so why we
don't make it with Recovery mode too? Just don't autologin root like
root has a password. Why not let the user login in with his user and
then use sudo to gain root access or set the user password for root and
disable the account? With this no grub password/lock is needed but there
is still basic security.
If you are afraid if people forget their password why not make a little
program on Live CD which can make that for you? Everyone can boot a CD
and reset their password but only if they have bios/boot access like
every private person.

Btw. atm it is much more harder to repair grub (e.g. after Windows
reinstallation) then to reset a password.

Administrator should know how to secure a system but we should make it
as easy as possible to prevent mistakes I think.

Thanks,
Unggnu

More information about the Ubuntu-devel-discuss mailing list