[prev in list] [next in list] [prev in thread] [next in thread] 

List:       grub-devel
Subject:    a security bug..........
From:       mathan gopal <mvgpal1 () yahoo ! com>
Date:       2004-07-16 2:19:19
Message-ID: 20040716021919.2831.qmail () web20104 ! mail ! yahoo ! com
[Download RAW message or body]

Hello everyone,
               Actually i'm using grub-0.93 version.As
a matter of security,i tried to password protect my
grub.conf by adding a line password=<mypasswd> to the
kernel definition in the grub.conf file.Now i thought
everyhting is o.k.But when i rebooted my system and
pressed 'e' on the grub interface,the entire
definition of my kernel image,along with the line
password was diplayed!!!!!!!!!!!Now,anyone can read
the password and use tht passwd to pass kernel
paramaeters.
Although,there is one way to password protect the menu
itself,i feel tht it'd be better if we can protect the
password of the kernel definition from being diplayed
on the interface.

Hope someone would hav found this mistake already.
i have not worked with the updated versions of grub.
do anyone know whether this mitake was rectified in
the latest version??????????

Also i had gone thru' the source code of grub0.93.
We can modify it to rectify this mistake by modifying
the print_entries() funtion of stage2.c file.

If not,pls do the change in th GRUB 2.0.
Hope,i'll get a reply from someone regarding this. 

with regards
mathan


		
__________________________________
Do you Yahoo!?
Yahoo! Mail - 50x more storage than other providers!
http://promotions.yahoo.com/new_mail



[prev in list] [next in list] [prev in thread] [next in thread]