50528 – 5 char grub password not accepted

Bug 50528 - 5 char grub password not accepted

Summary: 5 char grub password not accepted

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	anaconda
Sub Component:
Version:	7.3
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Jeremy Katz
QA Contact:	Brock Organ
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	50529 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-07-31 21:51 UTC by Gerald Teschl
Modified:	2007-04-18 16:35 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2001-08-01 19:41:35 UTC
Embargoed:

Attachments	(Terms of Use)

Description Gerald Teschl 2001-07-31 21:51:14 UTC

The GUI install will not accept a 5 char grub password!? This makes no
sense. Give a warning if you want, but remove this check!

BTW, why can I add a grub password but not a lilo password?

Comment 1 Jeremy Katz 2001-07-31 22:03:21 UTC

*** Bug 50529 has been marked as a duplicate of this bug. ***

Comment 2 Michael Fulbright 2001-08-01 15:30:42 UTC

Assigning to an engineer for consideration.

BTW, my understand of LILO passwords is they are so weak they are pointless.

Comment 3 Jeremy Katz 2001-08-01 16:42:15 UTC

Saying that we should allow shorter passwords for this is kind of like saying we
should allow for shorter root passwords.  Security and convenience are always a
tradeoff and the convenience in having a short bootloader password is outweighed
by having a more secure password IMHO.  

LILO passwords are not supported because all of the LILO variants (which share
code) don't have password support and lilo's password support is not nearly as
useful (and brings in a plethora of other questions about whether it's
restricting the image, do you set restricted, etc)

Comment 4 Gerald Teschl 2001-08-01 19:41:30 UTC

It is fine if you warn a user, but the user should be able to choose. (If
we wanted an operating system which tells us what to do we wold all be using
M$.) In particular since the user can choose not to install a password at all!
With the current situation many people will just choose non at all if
they cant use their easy to remember one.

The boot password will not be used very often (in comparison to the
root password). People will not be able to find it by watching you type
it since you will hardly ever type it. But if you want to make it more
secure I would start by removing the read permissions from grub.conf if
a password is set!!!!

Concerning lilo: Just add "restriced" as default! Why is the lilo password
support not useful!? It prevents people from booting into single user
mode and this is all I want!!! And a weak wall is better than non at all!

Comment 5 Jeremy Katz 2001-08-01 21:58:19 UTC

Changed to only require it to be one character and just use a warning dialog for
passwords less than six characters.

As to the permissions, hrmm... I had that chmod in there at one point, not sure
where it disappeared to, added back in cvs.

LILO passwords for this release at least are not happening.  Screens are frozen
and help screens written so that they can be translated.  Maybe for the next
release, but I personally would like to move away from LILO.

Comment 6 Gerald Teschl 2001-08-02 10:50:14 UTC

Thanks! I understand that its to late lof lilo now.

Note You need to log in before you can comment on or make changes to this bug.