[Bug 481613] Re: grub2 - cat - security - it becomes too easy without pwd-protected grub-shell
Felix Zielcke
fzielcke at z-51.de
Sun Nov 15 18:50:48 UTC 2009
- disable access to the grub-shell through enforcing a password (maybe
through using a password stored in shadow)
Basis support is there see
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/392158 and also
http://grub.enbug.org/Authentication
But please note
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/478806
Just configure a superuser and a password for it and command line access
requires a password.
- make grub.cfg readable only by root
grub-mkconfig does that if there's a password line in the generated
grub.cfg
- encrypt the password in grub.cfg
Work in progress
- describe the problems with grub-shell LOUD AND CLEAR on every admin
and security-page of every handbook, faq and such.
That's not our business.
If you _really_ want a secure system you need to encrypt everything
except /boot
LUKS support for GRUB 2 is in work too by the way.
--
Felix Zielcke
Proud Debian Maintainer and GNU GRUB developer
--
grub2 - cat - security - it becomes too easy without pwd-protected grub-shell
https://bugs.launchpad.net/bugs/481613
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list