|
|
Kuba Plichcinski wrote:
> Package: grub
> Version: 0.97-29ubuntu4
> Severity: critical
> Tags: security
> Justification: root security hole
>
>
> Default grub installation doesn't require password for grub.
> Without a password anyoune can boot with option:
>
> init=/bin/sh
>
> Than it's enough to:
> mount -o remount,rw /
>
> To get full access in 20 seconds from boot.
>
If you want physical security of your box, set a bios password, put a
lock on the case, and put it in a safe. grub password protection is
illusory.
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
|
|