Re: we should set a grub password by default
* [Sven] Iam allready averted from the request of setting it by default. My proposal is: Making grub password an optional but easy to configure feature. The setup of the grub password should assist people, inform them about the additional step of bios-boot configuration, inform them about the remaining risk of physical access. I claim bike shed discussion on this thread. That is, lots of discussion about an issue because it's unimportant and easy to understand, so everyone sees a chance to state their opinion with little risk of having to defend a bad decision later. As has been stated in the thread, people who care either way can easily change the default after install. For home users, grub passwords are likely to be confusing, and I'd personally forget it after a while since it's unlikely to be automatically changed when I change the user password. Support for adding grub passwords when scripting the installer for large deployments would be useful. And the bike shed should be red, I think. Goes well with my coat. Øystein -- ssh -c rot13 otherhost -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: we should set a grub password by default
Hi all I think putting a password by default on the grub booter just adds another level of unnecessary complexity for users. Enabling it by default you force people to learn another password which they then have to type in every time you boot etc etc. I think a better option would be to allow the system admin to set a grub password during installation if need be. Regards, On 15/05/07, Sven [EMAIL PROTECTED] wrote: hello ubuntu developers! Jerome redirected me from my bug report #114838 to your audience. In short terms: I propose that during grub setup/configuration the grub password in menu.lst is activated by default. Please let me explain why. With the actual Ubuntu default settings anyone can easily gather root-privileges by rebooting and pressing e to enter edit mode in grub and add a init=/bin/bash kernel option. He can go on and do everything then. To establish a secure system with today's Ubuntu versions one would have to: 1) decide what requirements on protecting direct hardware modifications must to be established 2) set up the harddisk as the only boot-device, and protect this BIOS setting with a password 3) set up a Grub password to prevent boot-option modifications #1 and #2 are totally out of the operating system's focus, but #3 is something I'd like to talk about. To prevent this unauthorized boot-modifications gaining root-access, grub contains a password command line in menu.lst including a --md5 option. If we set this password and don't change anything different in menu.lst, the only thing that changes is: grub options can not be modified and Grub's command line can not be opened to do different things. The Grub password can be be user defined during installation or be a random generated password, choosing a empty password deactivates Grub's password option. Then, assuming someone cared for #1 and #2, Grub's menu.lst can only be modified from the booted computer by an authenticated user. I think this is a little change most Ubuntu users wont even notice because they just use the grub manager to boot from the menu list, which will continue to work flawlessly. I think this bug is critical, because its nearly as simple as pressing a key during boot to gain root access. Most people i tell this did not know its so easy to compromise their linux system, which they installed because they thought its more secure than the other os. Well it could be. Additional my proposal, i've seen a bug report comlaining about the alternate installation's grub password setup. It exists but it doesnt use the md5 hash method of grub, but clear text. The password is stored in menu.lst which is in 644 mode and everyone can read it. kind regards, Sven -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Matthew G Larsen [EMAIL PROTECTED] +44(0)7739 785 249 -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: we should set a grub password by default
Am Donnerstag, den 17.05.2007, 11:03 +0100 schrieb Matthew Larsen: Hi all I think putting a password by default on the grub booter just adds another level of unnecessary complexity for users. Enabling it by default you force people to learn another password which they then have to type in every time you boot etc etc. That bias is simply not true. I explained it, Aurélien explained it, but iam not getting tired :-) You will not have to type any password to just start the computer. You only have to type in a grub password for administrative jobs, like temporary modifing kernel options or start the recovery mode. I think a better option would be to allow the system admin to set a grub password during installation if need be. Iam allready averted from the request of setting it by default. My proposal is: Making grub password an optional but easy to configure feature. The setup of the grub password should assist people, inform them about the additional step of bios-boot configuration, inform them about the remaining risk of physical access. br, Sven Regards, On 15/05/07, Sven [EMAIL PROTECTED] wrote: hello ubuntu developers! Jerome redirected me from my bug report #114838 to your audience. In short terms: I propose that during grub setup/configuration the grub password in menu.lst is activated by default. Please let me explain why. With the actual Ubuntu default settings anyone can easily gather root-privileges by rebooting and pressing e to enter edit mode in grub and add a init=/bin/bash kernel option. He can go on and do everything then. To establish a secure system with today's Ubuntu versions one would have to: 1) decide what requirements on protecting direct hardware modifications must to be established 2) set up the harddisk as the only boot-device, and protect this BIOS setting with a password 3) set up a Grub password to prevent boot-option modifications #1 and #2 are totally out of the operating system's focus, but #3 is something I'd like to talk about. To prevent this unauthorized boot-modifications gaining root-access, grub contains a password command line in menu.lst including a --md5 option. If we set this password and don't change anything different in menu.lst, the only thing that changes is: grub options can not be modified and Grub's command line can not be opened to do different things. The Grub password can be be user defined during installation or be a random generated password, choosing a empty password deactivates Grub's password option. Then, assuming someone cared for #1 and #2, Grub's menu.lst can only be modified from the booted computer by an authenticated user. I think this is a little change most Ubuntu users wont even notice because they just use the grub manager to boot from the menu list, which will continue to work flawlessly. I think this bug is critical, because its nearly as simple as pressing a key during boot to gain root access. Most people i tell this did not know its so easy to compromise their linux system, which they installed because they thought its more secure than the other os. Well it could be. Additional my proposal, i've seen a bug report comlaining about the alternate installation's grub password setup. It exists but it doesnt use the md5 hash method of grub, but clear text. The password is stored in menu.lst which is in 644 mode and everyone can read it. kind regards, Sven -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Matthew G Larsen [EMAIL PROTECTED] +44(0)7739 785 249 signature.asc Description: Dies ist ein digital signierter Nachrichtenteil -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: we should set a grub password by default
Original-Nachricht Datum: Wed, 16 May 2007 12:22:04 +0100 Von: (``-_-´´) -- Fernando [EMAIL PROTECTED] An: Matthew Paul Thomas [EMAIL PROTECTED] CC: ubuntu-devel-discuss@lists.ubuntu.com Betreff: Re: we should set a grub password by default On 5/16/07, Matthew Paul Thomas [EMAIL PROTECTED] wrote: On May 16, 2007, at 10:33 AM, Phillip Susi wrote: So how feasible it would be for grub to accept the passphrase of any admin user, rather than having its own? That would be weird in the sense that the admin accounts are Ubuntu-specific, whereas grub is in theory controlling access to multiple OSes. But it would save subjecting people to an extra step in the installer, and it would make the grub passphrase no longer a headache. Cheers -- Matthew Paul Thomas http://mpt.net.nz/ Is is so hard to just run: sudo passwd root after the fisrt boot, while configuring everything else?? I do it all the time, and after this simple step, I dont have even to bother about a password on grub. Everyone can come around the root password with these steps: By pressing 'e' in grub, step down to the kernel line and press 'e' again, then simply add init=/bin/bash Press enter and press 'b' to boot. You will get a single user system with root-access passwordless. You can mount -o remount,rw your roor partition and with passwd and create a new root password. regards, Sven -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: we should set a grub password by default
On Tue, May 15, 2007 at 07:23:41PM +0200, Sven wrote: In short terms: I propose that during grub setup/configuration the grub password in menu.lst is activated by default. Please let me explain why. Providing a grub password by default risks giving people the impression that the system is secure, while in fact there are several other steps that would be required for that to be true (disabling CD drive booting, BIOS password, physical security of machine to prevent BIOS being reset or drives removed). Instead, we should make it easy for people to learn what needs to be done to make a system secure. -- Matthew Garrett | [EMAIL PROTECTED] -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss