On Mon, Nov 30, 2009 at 16:39:05 -0500,
Gene Czarcinski <gene(a)czarc.net> wrote:
As I see it, the problem is that without a grub password, then an un-
privileged user can edit the command line to disable selinux or bootup in
single user mode.
On the other hand, there is also "good enough" versus perfect. In a perfect
world, a user would (by default) be required to enter that password. In a
"good enough" world, have the option to set the password.
If the threat model includes actively malicious people at the console, I'd
rather see encrypted file systems than a grub password. (And that doesn't
help if you don't realize that a malicious person may have had access
and that you shouldn't trust the system any more.)