Bug 457627
Summary: | Access to root on boot before password request | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Chris Jones <joneschrisan> |
Component: | grub | Assignee: | Peter Jones <pjones> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 9 | CC: | security-response-team |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2008-08-04 07:17:35 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Chris Jones
2008-08-01 21:56:33 UTC
Chris, this is not a grub flaw, it's rather well-known behavior in all current and previous Fedora / Red Hat Enterprise Linux / Red Hat Linux versions. If you want to block attacker with physical access from booting to a single user mode, you should password-protect your grub configuration. As you also noted, in case of encrypted disks, you need to know encryption passwords to get root access. If you want to see the password prompt even in single user mode, you'd have to file RFE bug against initscripts, as that's the place where such prompt may be added. grub is very unlikely to ever have such feature (it's just not its purpose). |