From: "Michał Radomski" <ezzo@poczta.pl>
To: The development of GRUB 2 <grub-devel@gnu.org>
Subject: Re: Menu locks / password authentication
Date: Mon, 9 Mar 2009 11:49:51 +0100
Message-ID: <20090309104951.GB15511@vm93.example.net>
In-Reply-To: <49B4C240.5050105@gmail.com>
On Mon, Mar 09, 2009 at 08:16:16AM +0100, phcoder wrote:
> Michał Radomski wrote:
>> On Fri, Feb 27, 2009 at 09:53:27PM +0100, Robert Millan wrote:
>>> It's funny, we're all discussing about performing security measurements in
>>> GRUB and nobody mentioned that our user interface lacks even the most basic
>>> lock mechanism :-)
>>>
>> Actually... I'm working on password command...
>>
>> At this moment I have plain password checking and almost finished MD5
>> support.
>>
> What is your design? Is it expandable? Flexible?
>
Flexible: yes. Expandable: I think yes.
Password checking is implemented as a GRUB module, which blocks GRUB
execution until the user supplies a valid password. Take a look at 2 sample
configs:

# this config will wait for a valid password
# after that it will show the grub menu
set timeout=5
password --plain qwerty
menuentry "Linux" {
    set root=(hd0,1)
    linux /vmlinuz26 root=/dev/sda1 ro
    initrd /kernel26.img
}

# this config will show the menu, but if the user would like to boot an OS,
# it will ask for a password.
set timeout=5
menuentry "Linux" {
    password --md5 md5_hash
    set root=(hd0,1)
    linux /vmlinuz26 root=/dev/sda1 ro
    initrd /kernel26.img
}

The MD5 algorithm is implemented as a library (grub2/lib), so it can be
easily used in other source files.
I've also thought about a more complex solution (password file),
and I think that it is possible to add without many changes.
--
- - (_ _) Regards -----, (_ _) - -
- ',' | Michał Radomski <ezzo (at) poczta (dot) pl> | ',' -
- - vv- `--- -vv - -
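
The two placements described in the message above (a top-level `password` line that gates the menu, and one inside a `menuentry` that gates only that entry) can be modelled as follows. This is an added example, not code from the message or from GRUB. It goes beyond the two sample configs by combining both placements in one file, and the names `parse_gates`, `check` and `may_boot`, the constructed sample, and the rule that every gate in front of an entry must pass are assumptions.

```python
import hashlib
import hmac
import shlex

MENU = None  # scope key for a password line outside any menuentry
# Constructed sample in the syntax proposed in the message (not a real config).
SAMPLE = '''set timeout=5
password --plain qwerty
menuentry "Linux" {
    password --md5 %s
    linux /vmlinuz26 root=/dev/sda1 ro
}
menuentry "Memtest" {
    linux /memtest
}
''' % hashlib.md5(b"s3cret").hexdigest()

def parse_gates(text):
    """Map each scope (MENU or an entry title) to its (kind, secret) gate."""
    gates, scope = {}, MENU
    for raw in text.splitlines():
        words = shlex.split(raw, comments=True)
        if not words:
            continue
        if words[0] == "menuentry":
            scope = words[1]
        elif words[0] == "}":
            scope = MENU
        elif words[0] == "password":
            if len(words) != 3 or words[1] not in ("--plain", "--md5"):
                raise ValueError("bad password line: " + raw.strip())
            gates[scope] = (words[1][2:], words[2])
    return gates

def check(gate, typed):
    """Compare without stopping at the first differing byte."""
    kind, secret = gate
    if kind == "md5":
        typed = hashlib.md5(typed.encode()).hexdigest()
        secret = secret.lower()
    return hmac.compare_digest(typed.encode(), secret.encode())

def may_boot(gates, title, typed_for_menu, typed_for_entry):
    """Assumed rule: an entry boots only if every gate in front of it passes."""
    for scope, typed in ((MENU, typed_for_menu), (title, typed_for_entry)):
        if scope in gates and not check(gates[scope], typed or ""):
            return False
    return True
```

Both forms leave the secret recoverable by anyone who can read the config file: `--plain` directly, and unsalted MD5 through a fast offline guess. GRUB 2 as later released provides a salted, iterated `password_pbkdf2` command.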