Security and grub2 (was: Debian Project News - May 31st, 2010)

To: w-gruhn@eilpetitionen.de
Cc: debian-publicity@lists.debian.org, GRUB Maintainers <pkg-grub-devel@lists.alioth.debian.org>
Subject: Security and grub2 (was: Debian Project News - May 31st, 2010)
From: Alexander Reichle-Schmehl <tolimar@debian.org>
Date: Mon, 31 May 2010 15:56:43 +0200
Message-id: <[🔎] 4C03C01B.1010706@debian.org>
In-reply-to: <[🔎] 4C03BAC4.50900@eilpetitionen.de>
References: <20100531124003.GI3233@melusine.alphascorpii.net> <[🔎] 4C03BAC4.50900@eilpetitionen.de>

Hi Wolfgang,

Am 31.05.2010 15:33, schrieb Wolfgang Gruhn:

>> William Pitcock explained [17] that due to some limitations (for example
>> in the size of supported kernels) the boot loader LILO [18] is about to
>> be removed from the upcoming release of Debian 6.0 "Squeeze". He
>> therefore asked users to test the replacement boot loader GRUB 2 [19].
> GRUB version 2 cannot be accepted (because of security reasons) as long
> as the PASSWORD command is ignored. Please inform the developers to use
> GRUB version 1 instead, thanks!

To the best of my knowledge, GRUB 2 supports restricting different boot
menus in a far more flexible way than GRUB 1 did.  I found a small
introduction at http://grub.enbug.org/Authentication, however I'm unsure
about the plain text passwords statement and how to best integrate that
into Debian's configuration handling.

GRUB maintainers, could you please comment on that?


Best regards,
  Alexander

Reply to:

References:
- Re: Debian Project News - May 31st, 2010
  - From: Wolfgang Gruhn <w-gruhn@eilpetitionen.de>

Prev by Date: Re: Debian Project News 2010/04 frozen, please review and translate
Next by Date: Re: Debian Project News - May 31st, 2010
Previous by thread: Re: Debian Project News - May 31st, 2010
Next by thread: Collaboration
Index(es):
- Date
- Thread