[Bug 481613] Re: grub2 - cat - security - it becomes too easy without pwd-protected grub-shell
Alexander Holler
holler at ahsoftware.de
Fri Nov 27 13:20:59 UTC 2009
Sure, but as I've written above there is subtle difference between
adding init=/bin/bash to the menu entry and the cat command. The cat
command is so easy to use (and with online-help), that even a person
without any linux-knowledge (e.g. childs) won't have a problem to find
and use it.
That means it is much more dangerous not to use a password to protect a
linux-box with grub2 than it was with legacy grub.
And I've seen e.g. tons of messages where it is explained how to enable
the grub-menu (in ubuntu 9.10), all were without any remark that this
should be done only in conjunction with enabling a password for grub.
So there is imho clearly a requirement to warn users about that
(preferable at least in the grub-documentation from where it will spread
to other documentations), otherwise it doesn't needs long until
classrooms or such are equiped with dangerous grub2-installations.
--
grub2 - cat - security - it becomes too easy without pwd-protected grub-shell
https://bugs.launchpad.net/bugs/481613
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
More information about the universe-bugs
mailing list