Bug 50528 - 5 char grub password not accepted
5 char grub password not accepted
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: anaconda (Show other bugs)
7.3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jeremy Katz
Brock Organ
:
: 50529 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2001-07-31 17:51 EDT by Gerald Teschl
Modified: 2007-04-18 12:35 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-08-01 15:41:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Gerald Teschl 2001-07-31 17:51:14 EDT
The GUI install will not accept a 5 char grub password!? This makes no
sense. Give a warning if you want, but remove this check!

BTW, why can I add a grub password but not a lilo password?
Comment 1 Jeremy Katz 2001-07-31 18:03:21 EDT
*** Bug 50529 has been marked as a duplicate of this bug. ***
Comment 2 Michael Fulbright 2001-08-01 11:30:42 EDT
Assigning to an engineer for consideration.

BTW, my understand of LILO passwords is they are so weak they are pointless.
Comment 3 Jeremy Katz 2001-08-01 12:42:15 EDT
Saying that we should allow shorter passwords for this is kind of like saying we
should allow for shorter root passwords.  Security and convenience are always a
tradeoff and the convenience in having a short bootloader password is outweighed
by having a more secure password IMHO.  

LILO passwords are not supported because all of the LILO variants (which share
code) don't have password support and lilo's password support is not nearly as
useful (and brings in a plethora of other questions about whether it's
restricting the image, do you set restricted, etc)
Comment 4 Gerald Teschl 2001-08-01 15:41:30 EDT
It is fine if you warn a user, but the user should be able to choose. (If
we wanted an operating system which tells us what to do we wold all be using
M$.) In particular since the user can choose not to install a password at all!
With the current situation many people will just choose non at all if
they cant use their easy to remember one.

The boot password will not be used very often (in comparison to the
root password). People will not be able to find it by watching you type
it since you will hardly ever type it. But if you want to make it more
secure I would start by removing the read permissions from grub.conf if
a password is set!!!!

Concerning lilo: Just add "restriced" as default! Why is the lilo password
support not useful!? It prevents people from booting into single user
mode and this is all I want!!! And a weak wall is better than non at all!
Comment 5 Jeremy Katz 2001-08-01 17:58:19 EDT
Changed to only require it to be one character and just use a warning dialog for
passwords less than six characters.

As to the permissions, hrmm... I had that chmod in there at one point, not sure
where it disappeared to, added back in cvs.

LILO passwords for this release at least are not happening.  Screens are frozen
and help screens written so that they can be translated.  Maybe for the next
release, but I personally would like to move away from LILO.
Comment 6 Gerald Teschl 2001-08-02 06:50:14 EDT
Thanks! I understand that its to late lof lilo now.

Note You need to log in before you can comment on or make changes to this bug.