From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with archive (Exim 4.43)
	id 1LgdB4-0006nI-R9
	for mharc-grub-devel@gnu.org; Mon, 09 Mar 2009 06:57:46 -0400
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1LgdB3-0006l2-Hd
	for grub-devel@gnu.org; Mon, 09 Mar 2009 06:57:45 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1LgdB2-0006h1-2N
	for grub-devel@gnu.org; Mon, 09 Mar 2009 06:57:45 -0400
Received: from [199.232.76.173] (port=41759 helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1LgdB1-0006gp-M8
	for grub-devel@gnu.org; Mon, 09 Mar 2009 06:57:43 -0400
Received: from mail-bw0-f172.google.com ([209.85.218.172]:37756)
	by monty-python.gnu.org with esmtp (Exim 4.60)
	(envelope-from <phcoder@gmail.com>) id 1LgdB1-0004cV-4y
	for grub-devel@gnu.org; Mon, 09 Mar 2009 06:57:43 -0400
Received: by bwz20 with SMTP id 20so1045264bwz.42
	for <grub-devel@gnu.org>; Mon, 09 Mar 2009 03:57:40 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:message-id:date:from
	:user-agent:mime-version:to:subject:references:in-reply-to
	:content-type:content-transfer-encoding;
	bh=6HJ6ogSWHEJBWrkGjjvRvE0NZyYILcbJdabS8bm8Z1g=;
	b=lkUpOLiw19xq2X/nLil+eU5LnOk0AH7OAPBuzjVfPPrrfjNvXmljsabTYR2s4SA1MN
	BsgsGzo0UsAxHe3ESM+ht+HETNKl/g4WJciQR3x9yQTEXfxJQT1KlE3k6bx59QPrFwa7
	qV7m/Rg71ApFfHM93rIUvUEMomX/Sk5xNYJY8=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=message-id:date:from:user-agent:mime-version:to:subject:references
	:in-reply-to:content-type:content-transfer-encoding;
	b=ctKeoXwExsooC6dyMo89BSU8KwSxTg/OcN5XmqGKzLzAO1KFZRw5/3g+lkmAoTZS0A
	OtJMeF6/viFuCE/9ZIE4PynQHT5rmn/8RIVF8ZNb8rApauBHfZj0D2EaIMiBV8966lTy
	lswtV2A//Mf3rhsfsAceasOrCbxESgzX2RZzI=
Received: by 10.223.124.147 with SMTP id u19mr4371183far.28.1236596260801;
	Mon, 09 Mar 2009 03:57:40 -0700 (PDT)
Received: from ?82.130.80.175? (hg-public-dock-175-dhcp.ethz.ch
	[82.130.80.175])
	by mx.google.com with ESMTPS id 35sm5880939fkt.3.2009.03.09.03.57.40
	(version=SSLv3 cipher=RC4-MD5); Mon, 09 Mar 2009 03:57:40 -0700 (PDT)
Message-ID: <49B4F624.4050503@gmail.com>
Date: Mon, 09 Mar 2009 11:57:40 +0100
From: phcoder <phcoder@gmail.com>
User-Agent: Thunderbird 2.0.0.19 (X11/20090105)
MIME-Version: 1.0
To: The development of GRUB 2 <grub-devel@gnu.org>
References: <20090227205327.GA32242@thorin>	<20090308221449.GA15511@vm93.example.net>	<49B4C240.5050105@gmail.com>
	<20090309104951.GB15511@vm93.example.net>
In-Reply-To: <20090309104951.GB15511@vm93.example.net>
Content-Type: text/plain; charset=ISO-8859-2; format=flowed
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by monty-python.gnu.org: GNU/Linux 2.6 (newer, 2)
Subject: Re: Menu locks / password authentication
X-BeenThere: grub-devel@gnu.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: The development of GRUB 2 <grub-devel@gnu.org>
List-Id: The development of GRUB 2 <grub-devel.gnu.org>
List-Unsubscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/grub-devel>
List-Post: <mailto:grub-devel@gnu.org>
List-Help: <mailto:grub-devel-request@gnu.org?subject=help>
List-Subscribe: <http://lists.gnu.org/mailman/listinfo/grub-devel>,
	<mailto:grub-devel-request@gnu.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Mar 2009 10:57:45 -0000

Micha³ Radomski wrote:
> On Mon, Mar 09, 2009 at 08:16:16AM +0100, phcoder wrote:
>> Micha³ Radomski wrote:
>>> On Fri, Feb 27, 2009 at 09:53:27PM +0100, Robert Millan wrote:
>>>> It's funny, we're all discussing about performing security measurements in
>>>> GRUB and nobody mentioned that our user interface lacks even the most basic
>>>> lock mechanism :-)
>>>>
>>> Actualy... I'm working on password command... 
>>>
>>> At this moment I have plain password checking and almost finished MD5 
>>> support.
>>>
>> What is your design? Is it expandable? Flexible?
>>
> Flexible Yes, expandable I think yes. 
> 
> Password checking is implemented as grub module, which blocks grub
> execution until user supply a valid password. Take a look at 2 sample
> configs: 
> 
> # this config will wait for valid password 
> # after that it will show grub menu 
> set timeout=5
> password --plain qwerty 
> 
> menuentry "Linux" {
> set root=(hd0,1)
> linux /vmlinuz26 root=/dev/sda1 ro
> initrd /kernel26.img
> }
>  
> # this config will show menu, but if user would like to boot os,
> # it will ask for a password.  
> set timeout=5
> 
> menuentry "Linux" {
> password --md5 md5_hash  
> set root=(hd0,1)
> linux /vmlinuz26 root=/dev/sda1 ro
> initrd /kernel26.img
> }
> 
> 
> md5 algoritm is implemented as a library(grub2/lib), So it can by easy
> used in other source files. 
> 
> I've also think about more complex solution (password file)
> And I think that it is possible to add, without many changes. 
> 
> 

What prevents an attacker from simply pressing 'e' or 'c' in menu? I 
personally would prefer the architecture with users as I described. Also 
I would recommend using other hashes that md5 (e.g. whirlpool or sha-2) 
because it's been depreceated
And blocking is a bad idea because if a legitimate user accidently 
chooses wrong entry he can't press ESC to go back.
Do you already have a copyright assignment?

-- 

Regards
Vladimir 'phcoder' Serbinenko