Re: Menu locks / password authentication

[Robert Millan <rmh@aybabtu.com>]

On Tue, Mar 03, 2009 at 05:32:40PM +0200, Vesa Jääskeläinen wrote:
> Robert Millan wrote:
> > It's funny, we're all discussing about performing security measurements in
> > GRUB and nobody mentioned that our user interface lacks even the most basic
> > lock mechanism :-)
> > 
> > Perhaps this would be a good time to retake the discussion on implementing
> > an equivalent to "lock" and "password" commands.  I think I even sent a patch
> > a while ago!
> > 
> > Vesa, do you still think we should design an extensible framework for
> > authentication before we do anything else?  I think it'd be interesting if
> > we could implement the lock/password paradigm, even if later it would be
> > replaced, since our users commonly need this, and it's blocking the
> > transition from GRUB Legacy.
> 
> I think that most important thing at this time is to match needed
> functionality with GRUB legacy. So just make it clean and perhaps think
> a bit about how it can be easily extended :).
> 
> I think there was some hash algorithms posted previously that could be
> used for this.

Hashing is nice, but basic password support can work without hash.  If you
give grub.cfg the proper perms, that is.

Anyway, for those interested:

  http://www.mail-archive.com/grub-devel@gnu.org/msg05350.html

-- 
Robert Millan

  The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
  how) you may access your data; but nobody's threatening your freedom: we
  still allow you to remove your data and not access it at all."