Your message dated Sat, 27 Oct 2007 14:02:02 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#442443: fixed in grub-installer 1.27
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: grub-installer
Severity: wishlist
(originally sent by Alex to the -boot list. As I find this an
interesting suggestion, I turn this into a wishlist bug against grub-installer)
Observed with today's debian-testing-amd64-businesscard.iso. (Testing with a
sid installer)
The debian installer allows the user to enter a password for GRUB to access
advanced features. If the user does so, the password is included in cleartext
in /boot/grub/menu.lst
GRUB has the capability to use an md5 hash of a password instead of storing
the password. These are generated with the grub command md5crypt. For
example, to generate an md5 hash of the password "foobar" (no quotes):

    echo -e "md5crypt\nfoobar" | sudo grub --batch | grep "Encrypted" |
      sed -e 's/Encrypted: //g'

There may be a cleaner way to do this but the above will work. Then,
in /boot/grub/menu.lst, where you would write:

    password foobar

instead write (the output from the above command)

    password --md5 $1$SZmo8$vxbhcjqNC4kHpqZi5n3r81

It is important not to store the password in cleartext for several reasons.
Some users (such as myself) may use a password either similar to or identical
to the root or user password on the machine for the bootloader. I boot to an
encrypted root, but of course /boot is on an unencrypted volume so the
password could be snooped.
I understand the rationale that on a normal system, if you have read access to
menu.conf then you have write access (e.g., by rooting the system) and could
just clear the password anyway, but given that GRUB provides such a simple
way to use a hash instead I think Debian should implement this.
As always, thanks for the wonderful, free operating system. Many of us
appreciate your effort (including our entire cluster:-), and my two personal
machines)
Alex Roper
UGCS Sysadmin
California Institute of Technology
--- End Message ---
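A check for the condition this report describes, as an added example that is not part of the original messages or of grub-installer: it scans a GRUB Legacy menu.lst for active `password` directives and reports, by line number only, whether each is cleartext, a well-formed md5crypt hash, or a malformed `--md5` value. The function name, status strings and sample file are assumptions made for illustration; only the whitespace-separated directive form quoted in the report is recognised.

```shell
#!/bin/sh
# Added example (not from grub-installer): audit a GRUB Legacy menu.lst for
# "password" directives and report whether each one is hashed.
# Output is "<line-number>:<status>"; the secret itself is never printed.
# Exit status is 1 if any cleartext or malformed directive is found.
audit_grub_passwords() {
    awk '
        /^[ \t]*#/ { next }                 # commented-out directives are inert
        $1 != "password" { next }
        $2 != "--md5" { print NR ":cleartext"; bad++; next }
        {
            # md5crypt format: $1$<salt, 1-8 chars>$<22-char digest>
            n = split($3, p, "[$]")
            ok = (n == 4 && p[1] == "" && p[2] == "1" &&
                  p[3] ~ "^[./0-9A-Za-z]+$" && length(p[3]) <= 8 &&
                  p[4] ~ "^[./0-9A-Za-z]+$" && length(p[4]) == 22)
            if (ok) print NR ":md5"
            else  { print NR ":malformed-md5"; bad++ }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample input, using the two directive forms quoted in the report.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# password topsecret
default 0
password foobar
title Debian GNU/Linux
password --md5 $1$SZmo8$vxbhcjqNC4kHpqZi5n3r81
password --md5 foobar
EOF
audit_grub_passwords "$sample" || echo "menu.lst contains an unhashed GRUB password"
rm -f "$sample"
```

The last sample line shows a failure mode worth catching separately: `--md5` followed by something that is not an md5crypt string, which hides the password from a naive grep for lines lacking `--md5`.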
--- Begin Message ---
Source: grub-installer
Source-Version: 1.27
We believe that the bug you reported is fixed in the latest version of
grub-installer, which is due to be installed in the Debian FTP archive:
grub-installer_1.27.dsc
to pool/main/g/grub-installer/grub-installer_1.27.dsc
grub-installer_1.27.tar.gz
to pool/main/g/grub-installer/grub-installer_1.27.tar.gz
grub-installer_1.27_i386.udeb
to pool/main/g/grub-installer/grub-installer_1.27_i386.udeb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Otavio Salvador <[EMAIL PROTECTED]> (supplier of updated grub-installer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 27 Oct 2007 11:58:04 -0200
Source: grub-installer
Binary: grub-installer
Architecture: source i386
Version: 1.27
Distribution: unstable
Urgency: low
Maintainer: Debian Install System Team <debian-boot@lists.debian.org>
Changed-By: Otavio Salvador <[EMAIL PROTECTED]>
Description:
grub-installer - Install GRUB on a hard disk (udeb)
Closes: 442443
Changes:
grub-installer (1.27) unstable; urgency=low
.
[ Romain Perier ]
* Password was sent in clear-text into menu.lst; use 'grub --batch'
with md5crypt alternative to correct it. Closes: #442443.
.
[ Otavio Salvador ]
* Add maintainer-script-lacks-debhelper-token to
source.lintian-overrides.
* Change grub-installer.install to avoid .svn files on rescue.d dir.
.
[ Updated translations ]
* Belarusian (be.po) by Hleb Rubanau
* Bulgarian (bg.po) by Damyan Ivanov
* Czech (cs.po) by Miroslav Kure
* German (de.po) by Jens Seidel
* Esperanto (eo.po) by Serge Leblanc
* Galician (gl.po) by Jacobo Tarrio
* Hebrew (he.po) by Lior Kaplan
* Korean (ko.po) by Sunjae Park
* Dutch (nl.po) by Bart Cornelis
* Norwegian Nynorsk (nn.po) by Håvard Korsvoll
* Polish (pl.po) by Bartosz Fenski
* Romanian (ro.po) by Eddy Petrișor
* Albanian (sq.po) by Elian Myftiu
* Tamil (ta.po) by Dr.T.Vasudevan
* Thai (th.po) by Theppitak Karoonboonyanan
Files:
3d8135ede2773d947b28847ed8fc3271 796 debian-installer standard
grub-installer_1.27.dsc
0ac4bdc16df47238dcbe7a609defe479 132822 debian-installer standard
grub-installer_1.27.tar.gz
75d8f8e33703887f1dc7814f5a750457 111648 debian-installer standard
grub-installer_1.27_i386.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHI0QKLqiZQEml+FURAnDIAJ9iJZ46r7g+qc8poSpS6/W88npJGQCdGmfp
lR+ctuSUUthxqIgMbvbIot0=
=U6Fr
-----END PGP SIGNATURE-----
--- End Message ---