Red Hat Bugzilla – Bug 50528
5 char grub password not accepted
Last modified: 2007-04-18 12:35:21 EDT
The GUI install will not accept a 5 char grub password!? This makes no
sense. Give a warning if you want, but remove this check!
BTW, why can I add a grub password but not a lilo password?
*** Bug 50529 has been marked as a duplicate of this bug. ***
Assigning to an engineer for consideration.
BTW, my understand of LILO passwords is they are so weak they are pointless.
Saying that we should allow shorter passwords for this is kind of like saying we
should allow for shorter root passwords. Security and convenience are always a
tradeoff and the convenience in having a short bootloader password is outweighed
by having a more secure password IMHO.
LILO passwords are not supported because all of the LILO variants (which share
code) don't have password support and lilo's password support is not nearly as
useful (and brings in a plethora of other questions about whether it's
restricting the image, do you set restricted, etc)
It is fine if you warn a user, but the user should be able to choose. (If
we wanted an operating system which tells us what to do we wold all be using
M$.) In particular since the user can choose not to install a password at all!
With the current situation many people will just choose non at all if
they cant use their easy to remember one.
The boot password will not be used very often (in comparison to the
root password). People will not be able to find it by watching you type
it since you will hardly ever type it. But if you want to make it more
secure I would start by removing the read permissions from grub.conf if
a password is set!!!!
Concerning lilo: Just add "restriced" as default! Why is the lilo password
support not useful!? It prevents people from booting into single user
mode and this is all I want!!! And a weak wall is better than non at all!
Changed to only require it to be one character and just use a warning dialog for
passwords less than six characters.
As to the permissions, hrmm... I had that chmod in there at one point, not sure
where it disappeared to, added back in cvs.
LILO passwords for this release at least are not happening. Screens are frozen
and help screens written so that they can be translated. Maybe for the next
release, but I personally would like to move away from LILO.
Thanks! I understand that its to late lof lilo now.