Re: Debian 9.1 stable & bios_password

On Thu, Aug 17, 2017 at 12:09:37AM +0200, jumpy@tutanota.com wrote:
  from debian wiki : edit /boot/grub/menu.lst and add the following two lines at the top. This prevents users from editing the
  boot items. timeout 5 specifies a 5 second delay before grub boots the default item.

  timeout         5
  color cyan/blue white/blue
  password --md5 $1$A9NHZ/$N.6k9riAFMbV/nfsZ2LnD1

  does this old (obsolete & unsecure) doc work ?
  could it be an alternative creating a menu.lst cheating a bit ?
  i like the color line & the simplicity.

  Updated how-to :
  Set Grub2 boot password on Debian based system (June 9, 2017)

Rather than consulting "obsolete & unsecure" documentation you've found on the internet, why not just look at the manual[1] written by the program's authors?

[1] https://www.gnu.org/software/grub/manual/grub.html#Security

  if i install both ; does it lock, unlock, act as a backdoor, make the system unbootable erasing/removing the boot process ?
  and if i install 2 password for the same user , does it work ?

Grub2 won't do anything with menu.lst, unless you explicitly tell it to do so with 'legacy_configfile'.

The manual doesn't define what happens if two passwords are defined for the same user, so any of the above options is possible.

  it is just a question about how secure could be a grub password (e.g) if a hack (old how-to) is still allowed ... (i suppose
  all vulnerabilities are patched yet).

How is an "outdated & unsecure" howto which defines how to set a password "a hack"? Again, setting a password was documented in the manual[2] for grub legacy, so following documented procedures is not really a "hack".

[2] https://www.gnu.org/software/grub/manual/legacy/grub.html#Security

  # does a grub2 password secure (unhackable ?) really the o.s ?
  # should you recommend it as a safe measure ?

For more information, please reread.
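
Added example, not part of the original message and not code from the GRUB project: a small Python audit of the password directives discussed in this thread. It flags a GRUB Legacy `password` line in menu.lst, a cleartext GRUB 2 `password`, passwords defined while `superusers` is never set, and two passwords for the same user. The function name, finding codes and sample configs are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample inputs; hashes and passwords are placeholders.
LEGACY_MENU_LST = """timeout 5
color cyan/blue white/blue
password --md5 <md5-crypt-hash-placeholder>
"""
GRUB2_CFG = """set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.<salt-placeholder>.<hash-placeholder>
password admin <cleartext-placeholder>
"""

def audit_grub_config(text, legacy=False):
    """Return sorted finding codes (hypothetical names) for a GRUB config.

    legacy=True parses GRUB Legacy menu.lst syntax, otherwise GRUB 2 syntax.
    """
    findings, users, superusers = set(), Counter(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tok = line.split()
        if legacy:
            if tok[0] == "password":
                # GRUB 2 ignores menu.lst unless legacy_configfile loads it.
                findings.add("legacy-md5" if "--md5" in tok else "legacy-cleartext")
            continue
        if tok[0] == "set" and len(tok) > 1 and tok[1].startswith("superusers="):
            value = line.split("=", 1)[1].strip().strip("\"'")
            # The manual allows spaces, commas, semicolons, pipes or ampersands.
            superusers = set(re.split(r"[ ,;|&]+", value)) - {""}
        elif tok[0] in ("password", "password_pbkdf2") and len(tok) >= 3:
            users[tok[1]] += 1
            if tok[0] == "password":
                findings.add("cleartext-password")
    if users and superusers is None:
        findings.add("superusers-unset")   # authentication is not enabled
    if any(count > 1 for count in users.values()):
        findings.add("duplicate-user")     # result not defined by the manual
    return sorted(findings)

if __name__ == "__main__":
    print("menu.lst:", audit_grub_config(LEGACY_MENU_LST, legacy=True))
    print("grub.cfg:", audit_grub_config(GRUB2_CFG))
```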

