a security bug..........

grub-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

a security bug..........

From:	mathan gopal
Subject:	a security bug..........
Date:	Thu, 15 Jul 2004 19:19:19 -0700 (PDT)

Hello everyone,
               Actually i'm using grub-0.93 version.As
a matter of security,i tried to password protect my
grub.conf by adding a line password=<mypasswd> to the
kernel definition in the grub.conf file.Now i thought
everyhting is o.k.But when i rebooted my system and
pressed 'e' on the grub interface,the entire
definition of my kernel image,along with the line
password was diplayed!!!!!!!!!!!Now,anyone can read
the password and use tht passwd to pass kernel
paramaeters.
Although,there is one way to password protect the menu
itself,i feel tht it'd be better if we can protect the
password of the kernel definition from being diplayed
on the interface.

Hope someone would hav found this mistake already.
i have not worked with the updated versions of grub.
do anyone know whether this mitake was rectified in
the latest version??????????

Also i had gone thru' the source code of grub0.93.
We can modify it to rectify this mistake by modifying
the print_entries() funtion of stage2.c file.

If not,pls do the change in th GRUB 2.0.
Hope,i'll get a reply from someone regarding this. 

with regards
mathan


                
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail

[Prev in Thread]

Current Thread

[Next in Thread]

a security bug.........., mathan gopal <=

Prev by Date: Re: Linux loader for the PPC
Next by Date: website update required
Previous by thread: Linux loader for the PPC
Next by thread: website update required
Index(es):
- Date
- Thread