1 Dec
2009
1 Dec
'09
1:48 a.m.
On Mon, Nov 30, 2009 at 16:39:05 -0500, Gene Czarcinski gene@czarc.net wrote:
As I see it, the problem is that without a grub password, then an un- privileged user can edit the command line to disable selinux or bootup in single user mode.
On the other hand, there is also "good enough" versus perfect. In a perfect world, a user would (by default) be required to enter that password. In a "good enough" world, have the option to set the password.
If the threat model includes actively malicious people at the console, I'd rather see encrypted file systems than a grub password. (And that doesn't help if you don't realize that a malicious person may have had access and that you shouldn't trust the system any more.)