
Re: Debian 9.1 stable & bios_password



On Thu, Aug 17, 2017 at 12:09:37AM +0200, jumpy@tutanota.com wrote:
  from debian wiki : edit /boot/grub/menu.lst and add the following two lines at the top. This prevents users from editing the
  boot items. timeout 5 specifies a 5 second delay before grub boots the default item.

  timeout         5
  color cyan/blue white/blue
  password --md5 $1$A9NHZ/$N.6k9riAFMbV/nfsZ2LnD1

  does this old (obsolete & unsecure) doc work ?
  could it be an alternative creating a menu.lst cheating a bit ?
  i like the color line & the simplicity.

  Updated how-to :
  Set Grub2 boot password on Debian based system (June 9, 2017)
  ([1]https://linoxide.com/linux-how-to/set-grub-password)

Rather than consulting "obsolete & unsecure" documentation you've found on the internet, why not just look at the manual[1] written by the program's authors?

[1] https://www.gnu.org/software/grub/manual/grub.html#Security


  if i install both ; does it lock, unlock, act as a backdoor, make the system unbootable erasing/removing the boot process ?
  and if i install 2 password for the same user , does it work ?

Grub2 won't do anything with menu.lst, unless you explicitly tell it to do so with 'legacy_configfile'.

The manual doesn't define what happens if two passwords are defined for the same user, so any of the above options is possible.


  it is just a question about how secure could be a grub password (e.g) if a hack (old how-to) is still allowed ... (i suppose
  all vulnerabilities are patched yet).

How is an "outdated & unsecure" howto which defines how to set a password "a hack"? Again, setting a password was documented in the manual[2] for grub legacy, so following documented procedures is not really a "hack".

[2] https://www.gnu.org/software/grub/manual/legacy/grub.html#Security


  # does a grub2 password secure (unhackable ?) really the o.s ?
  # should you recommend it as a safe measure ?

  --
  Securely sent with Tutanota.

References

  Visible links
  1. https://linoxide.com/linux-how-to/set-grub-password/

--
For more information, please reread.
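
Added example, not part of the original message or of GRUB: a small Python check for the points raised in this thread, run over GRUB 2 configuration text. It flags cleartext `password` entries, GRUB Legacy `password --md5` lines carried over from menu.lst, superusers without a password entry, and users with more than one password entry. The function name `audit_grub_passwords` and the sample config are constructed for illustration, and the hash fields are placeholders.

```python
import re
from collections import Counter

# Constructed sample GRUB 2 config text; the hash fields are placeholders.
SAMPLE_CFG = """\
set timeout=5
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.SALT_PLACEHOLDER.HASH_PLACEHOLDER
password admin example-cleartext
password --md5 $1$PLACEHOLDER
"""

def audit_grub_passwords(text):
    """Return a list of findings about password settings in GRUB 2 config text."""
    findings, superusers, defined = [], None, Counter()
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"""(?:set\s+)?superusers=(["']?)(.*?)\1\s*$""", line)
        if m:
            # GRUB accepts spaces, commas, semicolons, pipes and ampersands as separators.
            superusers = set(re.split(r"[\s,;|&]+", m.group(2))) - {""}
            continue
        words = line.split()
        if words[0] == "password_pbkdf2" and len(words) >= 3:
            defined[words[1]] += 1
        elif words[0] == "password" and len(words) >= 2:
            if words[1].startswith("--"):
                findings.append(f"line {n}: '{words[1]}' is GRUB Legacy menu.lst syntax")
            else:
                defined[words[1]] += 1
                findings.append(f"line {n}: cleartext password for user '{words[1]}'")
    if superusers is None:
        findings.append("superusers is not set, so authentication is not enabled")
    for user in sorted(superusers or ()):
        if defined[user] == 0:
            findings.append(f"superuser '{user}' has no password entry")
    for user, count in sorted(defined.items()):
        if count > 1:
            findings.append(f"user '{user}' has {count} password entries (result undefined)")
    return findings

if __name__ == "__main__":
    for finding in audit_grub_passwords(SAMPLE_CFG):
        print(finding)
```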
