>>>>> Thomas Bushnell, BSG writes:
TB> I like Gordon's suggested architecture for the What We Do Right
TB> Now question.
[I've taken the liberty of replying to the lists, because that seems to
be what you intended. It's kind of fun to talk to one another in the
third person in private e-mail, though. Perhaps we'll do it again
>> 1) It is possible to boot into the rescue shell without a
>> password. I disagree with the idea of patching Hurd init to
>> require a password to get into rescue mode. If you want
>> protection, then let's change GRUB so that it refuses to boot Mach
>> in anything but automatic mode, unless you enter a password.
TB> At the FSF we found such a feature very handy. It raises the bar
TB> a bit from randoms who want to be a pain. It should be a
TB> strictly optional and non-default feature. But I don't want grub
TB> to have crypt in it, or to depend on the format of /etc/passwd.
TB> So I think this belongs in init, as an optional feature, or by
TB> changing the "shell" started at single-user ("rescue") startup.
The kind of password I was talking about was a simple `boot
administrator password', like PC BIOSes have right now, not a Unix
I just don't think init passwords provide any additional security,
because if the bootloader isn't protected in the first place, people
can just come over to the machine, boot from a floppy, and mount your
Having an init password only gives warm fuzzies (like a `wheel'
group), when administrators should really be looking at ways of
solving the true problem: preventing the machine from booting
arbitrary kernels with arbitrary flags.
All that init passwords do is make the rescue shell less useful,
because if your /etc/passwd is hosed (i.e. you forgot root password,
or other such nonsense), you still have to revert to using a floppy.
Gordon Matzigkeit <firstname.lastname@example.org> //\ I'm a FIG (http://www.fig.org/)
Committed to freedom and diversity \// I use GNU (http://www.gnu.org/)
- Re: runlevels
- From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: runlevels
- From: Gordon Matzigkeit <email@example.com>