Security testing: need for a security policy, and a security-critical package process
Bruno Wolff III
bruno at wolff.to
Tue Dec 1 01:48:08 UTC 2009
On Mon, Nov 30, 2009 at 16:39:05 -0500,
Gene Czarcinski <gene at czarc.net> wrote:
>
> As I see it, the problem is that without a grub password, then an un-
> privileged user can edit the command line to disable selinux or bootup in
> single user mode.
>
> On the other hand, there is also "good enough" versus perfect. In a perfect
> world, a user would (by default) be required to enter that password. In a
> "good enough" world, have the option to set the password.
If the threat model includes actively malicious people at the console, I'd
rather see encrypted file systems than a grub password. (And that doesn't
help if you don't realize that a malicious person may have had access
and that you shouldn't trust the system any more.)
More information about the Fedora-security-list
mailing list