Bug 50528

Summary: 5 char grub password not accepted
Product: [Retired] Red Hat Linux
Reporter: Gerald Teschl <gt>
Component: anaconda
Assignee: Jeremy Katz <katzj>
Status: CLOSED RAWHIDE
QA Contact: Brock Organ <borgan>
Severity: medium
Priority: medium
Version: 7.3
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-08-01 19:41:35 UTC

Description Gerald Teschl 2001-07-31 21:51:14 UTC
The GUI install will not accept a 5 char grub password!? This makes no
sense. Give a warning if you want, but remove this check!

BTW, why can I add a grub password but not a lilo password?

Comment 1 Jeremy Katz 2001-07-31 22:03:21 UTC
*** Bug 50529 has been marked as a duplicate of this bug. ***

Comment 2 Michael Fulbright 2001-08-01 15:30:42 UTC
Assigning to an engineer for consideration.

BTW, my understanding of LILO passwords is that they are so weak they are pointless.

Comment 3 Jeremy Katz 2001-08-01 16:42:15 UTC
Saying that we should allow shorter passwords for this is kind of like saying we
should allow for shorter root passwords.  Security and convenience are always a
tradeoff and the convenience in having a short bootloader password is outweighed
by having a more secure password IMHO.  

LILO passwords are not supported because all of the LILO variants (which share
code) don't have password support and lilo's password support is not nearly as
useful (and brings in a plethora of other questions about whether it's
restricting the image, do you set restricted, etc)

Comment 4 Gerald Teschl 2001-08-01 19:41:30 UTC
It is fine if you warn a user, but the user should be able to choose. (If
we wanted an operating system which tells us what to do we would all be using
M$.) In particular since the user can choose not to install a password at all!
With the current situation many people will just choose none at all if
they can't use their easy-to-remember one.

The boot password will not be used very often (in comparison to the
root password). People will not be able to find it by watching you type
it since you will hardly ever type it. But if you want to make it more
secure I would start by removing the read permissions from grub.conf if
a password is set!!!!

Concerning lilo: Just add "restricted" as default! Why is the lilo password
support not useful!? It prevents people from booting into single user
mode and this is all I want!!! And a weak wall is better than none at all!

Comment 5 Jeremy Katz 2001-08-01 21:58:19 UTC
Changed to only require it to be one character and just use a warning dialog for
passwords less than six characters.

As to the permissions, hrmm... I had that chmod in there at one point, not sure
where it disappeared to, added back in cvs.

LILO passwords for this release at least are not happening.  Screens are frozen
and help screens written so that they can be translated.  Maybe for the next
release, but I personally would like to move away from LILO.

Comment 6 Gerald Teschl 2001-08-02 10:50:14 UTC
Thanks! I understand that it's too late for lilo now.
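
The outcome described in Comment 5 (accept any password of at least one character, warn below six, and restore the chmod on grub.conf when it holds a password), shown as an added Python example. It is not anaconda's code: the function names, return strings, the 0600 mode and the sample config are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

MIN_RECOMMENDED = 6  # Comment 5: warn below six characters, require only one
# GRUB legacy "password" directive at the start of a config line.
PASSWORD_RE = re.compile(r"^\s*password\b", re.MULTILINE)


def check_password(pw):
    """Return (accepted, warning) under the policy described in Comment 5."""
    if len(pw) < 1:
        return False, "password must be at least one character"
    if len(pw) < MIN_RECOMMENDED:
        return True, f"password is shorter than {MIN_RECOMMENDED} characters"
    return True, None


def audit_grub_conf(path, fix=False):
    """Return "no-password", "ok", "exposed" or "fixed" for a config file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        if not PASSWORD_RE.search(fh.read()):
            return "no-password"
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0:
        return "ok"  # only the owner can read the password line
    if fix:
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)  # assumed mode: 0600
        return "fixed"
    return "exposed"


def demo():
    # Constructed sample config; the password value is a placeholder.
    sample = "default=0\ntimeout=10\npassword example5\ntitle Linux\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "grub.conf")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # world-readable, the state Comment 4 objects to
        return (audit_grub_conf(path), audit_grub_conf(path, fix=True),
                audit_grub_conf(path))


if __name__ == "__main__":
    print(check_password("abcde"))
    print(demo())
```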