Password-protect grub interactive commands (was: rationale of root access from boot)

Scott James Remnant scott at ubuntu.com
Mon Nov 12 06:15:30 GMT 2007


On Sat, 2007-11-10 at 14:06 +0800, Nicolas Deschildre wrote:

> But then, why not use this password feature by default to avoid anyone
> to edit boot parameter and become root?
> 
Because it adds a level of complexity without a significant gain.

The additional complexity is that users would have to decide on two
passwords during the installation procedure, and remember them both --
which is a large part of the reason we leave the root account locked and
use sudo instead.

For the simplest installations, GRUB could perhaps read /etc/shadow and
accept any user's password -- but that would be error-prone, open to
exploit, and wouldn't support the kinds of installations you talk about
later in this thread: corporate environments which often use centralised
authentication.


The reason for no significant gain is that anybody with physical access
can simply pop a Live CD into the drive and get at your disk that way.
Or open the case and take the drive with them.


Our favoured solution to the "data security" problem is to encrypt your
filesystem; the passphrase is needed on boot (just as with GRUB) except
now any amount of fiddling with boot options cannot bypass it since the
data is scrambled without it.  Likewise, neither a Live CD or inserting
the stolen drive into another machine can get at your data either --
since it's still encrypted and still requires the passphrase to access.

The alternate CD provides an option for this today; so if this is
important to you, I suggest you use that.  Once we're happy with the
implementation, and the general feedback of it, it may eventually end up
becoming an option in the graphical installer as well.

Scott
-- 
Scott James Remnant
scott at ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20071112/9e4dc952/attachment.pgp 


More information about the Ubuntu-devel-discuss mailing list