[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Menu locks / password authentication
From: |
Michał Radomski |
Subject: |
Re: Menu locks / password authentication |
Date: |
Mon, 9 Mar 2009 11:49:51 +0100 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Mon, Mar 09, 2009 at 08:16:16AM +0100, phcoder wrote:
> Michał Radomski wrote:
>> On Fri, Feb 27, 2009 at 09:53:27PM +0100, Robert Millan wrote:
>>> It's funny, we're all discussing about performing security measurements in
>>> GRUB and nobody mentioned that our user interface lacks even the most basic
>>> lock mechanism :-)
>>>
>> Actualy... I'm working on password command...
>>
>> At this moment I have plain password checking and almost finished MD5
>> support.
>>
> What is your design? Is it expandable? Flexible?
>
Flexible Yes, expandable I think yes.
Password checking is implemented as grub module, which blocks grub
execution until user supply a valid password. Take a look at 2 sample
configs:
# this config will wait for valid password
# after that it will show grub menu
set timeout=5
password --plain qwerty
menuentry "Linux" {
set root=(hd0,1)
linux /vmlinuz26 root=/dev/sda1 ro
initrd /kernel26.img
}
# this config will show menu, but if user would like to boot os,
# it will ask for a password.
set timeout=5
menuentry "Linux" {
password --md5 md5_hash
set root=(hd0,1)
linux /vmlinuz26 root=/dev/sda1 ro
initrd /kernel26.img
}
md5 algoritm is implemented as a library(grub2/lib), So it can by easy
used in other source files.
I've also think about more complex solution (password file)
And I think that it is possible to add, without many changes.
--
- - (_ _) Regards -----, (_ _) - -
- ',' | Michał Radomski <ezzo (at) poczta (dot) pl> | ',' -
- - vv- `--- -vv - -