grub: High Security risk with default installation

Rich Rudnick rich at
Thu Mar 13 00:36:33 UTC 2008

Kuba Plichcinski wrote:
> Package: grub
> Version: 0.97-29ubuntu4
> Severity: critical
> Tags: security
> Justification: root security hole
> Default grub installation doesn't require password for grub.
> Without a password anyoune can boot with option:
> init=/bin/sh
> Than it's enough to:
> mount -o remount,rw /
> To get full access in 20 seconds from boot.

If you want physical security of your box, set a bios password, put a
lock on the case, and put it in a safe. grub password protection is

More information about the ubuntu-users mailing list