Re: [RFC] Boot parameters and geometrical stability

[phcoder]

Vesa Jääskeläinen wrote:
> phcoder wrote:
>> Yes it is, but in my opinion price is too high (shame ubuntu uses this
>> solution). It's somewhat similar to some solutions found in windows when
>>   for user convenience they open a big gate for the hackers (e.g. all
>> users by default are administrators in winxp)
> 
> Well... That is your opinion. I acknowledge that it opens another door
> for local hacker. But if you are able to do that, then you can do some
> other actions that are much more fatal...
If attacker is unable to open computer, bios is under password, boots
only from HD and grub is password-protected than I don't see which other
action can lead to the same result (complete control of computer).
> 
> But the gain can still supersede the security need. Its kinda same thing
> that you are required to change your password monthly. People start
> putting those on stickers and then the game is lost anyway.
> 
This is eternal problem of security and its cost (see B.Schneier Beyond
Fear). If someone find this compromise of security OK on his computer
then fine. Just the user has at least to be warned about security risks
it represents and have an alternative. I think a WARNING with
description of the problem with a promt after it and possibility to do
it otherwise (with hardware path or entering the disk manually) should
be enough.

Vladimir 'phcoder' Serbinenko