Hello grub devels, i've got a question about grubs role in the security of a computer boot up.
I recently learned that i can gather root-previlidges without a root password on allmost every linux default installation out there. Just pressing e and edit the kernel commands and add init=/bin/bash. I also was told that the way to avoid this is a grub password. Now, i think that the grub password is not a appropriate solution to the problem, every user needs to know it and timeout is not possible. Lets talk about a notebook, i dont want someone to get root-previledges that easy. But i dont want to enter 2 oder 3 passwords on start up, i believe the login screen is good enough for me. Therefore i set the bios to only boot from hd and protect this with a bios-setup password. Then i would expect grub to have one or two features that i could not find yet. I call the first one "static configuration flag", the config should have a flag that makes grubs menu static. I can boot all the systems with the options in the menu.lst but not modify them. Just menu, not more. The second one is "changes get password protected", as name says. I can use the menu with the options in menu.lst, but editing them requires a password. I could even imagine setting a password as an option of every single entry in grub, but not the default one. Have i overlooked such features and they are allready there? Or are there constraints that cause them to not be there? regards, Sven Jaborek _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org http://lists.gnu.org/mailman/listinfo/grub-devel
