Bug 47696 - Anaconda installs no GRUB password
Anaconda installs no GRUB password
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: anaconda (Show other bugs)
7.3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
Brock Organ
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-07-06 10:34 EDT by Steve Bonneville
Modified: 2007-04-18 12:34 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-07-06 11:45:39 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Steve Bonneville 2001-07-06 10:34:35 EDT
Description of Problem:

The installer does not set a GRUB password to protect unauthorized
users from accessing command-line mode.  This is a problem because
arbitrary files on the filesystem can be viewed from GRUB's command
line with the 'cat' command.  This doesn't just expose /etc/shadow,
this exposes files that may contain clear-text passwords (example:
/etc/ldap.secret).

Steps to Reproduce:

  Given: System using GRUB as a bootloader, no password set, and
       / is on /dev/hda2 (hd0,1).  /etc/shadow is standing in for
       some arbitrary file.

  Boot the system, type <c> to get to the grub> prompt.
  grub>  cat (hd0,1)/etc/shadow

Actual Results:

  /etc/shadow is displayed

Additional Information:

  Setting a GRUB password still allows users to boot any
  predefined title entries without the password; it only
  locks out menu-editing and CLI mode.
	
  Users should be given the option at install time to set a
  GRUB password.  GRUB supports standard MD5 passwords.  I
  see some possible ways to fix this here:

  * A check box to set the GRUB password to the install-time
    root password, in the installer's bootloader selection 
    screen.
  * A text box in the bootloader selection screen to allow
    users to set an arbitrary GRUB password at install time.
Comment 1 Michael Fulbright 2001-07-06 11:45:35 EDT
We'll look at addressing this before beta 2.
Comment 2 Jeremy Katz 2001-07-10 15:30:28 EDT
You now have the option to set a grub password in gui, tui, and kickstart

Note You need to log in before you can comment on or make changes to this bug.