Security and grub2 (was: Debian Project News - May 31st, 2010)

Colin Watson cjwatson at debian.org
Tue Jun 1 20:05:41 UTC 2010


[Sorry, I'm reading this through the Alioth list archives and don't have
Wolfgang's e-mail address.  Please forward as appropriate.]

On Mon, May 31, 2010 at 03:56:43PM +0200, Alexander Reichle-Schmehl wrote:
> Hi Wolfgang,
> 
> Am 31.05.2010 15:33, schrieb Wolfgang Gruhn:
> 
> >> William Pitcock explained [17] that due to some limitations (for example
> >> in the size of supported kernels) the boot loader LILO [18] is about to
> >> be removed from the upcoming release of Debian 6.0 "Squeeze". He
> >> therefore asked users to test the replacement boot loader GRUB 2 [19].
> > GRUB version 2 cannot be accepted (because of security reasons) as long
> > as the PASSWORD command is ignored. Please inform the developers to use
> > GRUB version 1 instead, thanks!

This is certainly out of date.

> To the best of my knowledge, GRUB 2 supports restricting different boot
> menus in a far more flexible way than GRUB 1 did.  I found a small
> introduction at http://grub.enbug.org/Authentication, however I'm unsure
> about the plain text passwords statement and how to best integrate that
> into Debian's configuration handling.

PBKDF2 hashed passwords, as documented in the lower part of that page,
are supported in the current version in testing.  There's no
grub-mkconfig (a.k.a. update-grub) support for either plain-text or
hashed passwords, so you won't find either in /etc/default/grub, but
it's perfectly possible to add this to one of the scripts in
/etc/grub.d/ and do whatever you want.

> GRUB maintainers, could you please comment on that?

Mostly it needs some half-decent documentation, and selection of one or
two primary workflows to automate via the standard grub-mkconfig
scripts.  Saying that it "cannot be accepted (because of security
reasons)" seems like a bit of an overreaction, though.

Thanks,

-- 
Colin Watson                                       [cjwatson at debian.org]
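To make the "add this to one of the scripts in /etc/grub.d/" suggestion above concrete, here is an added example script, not from the thread or the GRUB package, that emits the GRUB 2 superuser and PBKDF2 directives the enbug Authentication page documents. It assumes a hash produced by grub-mkpasswd-pbkdf2 stored in a root-only file whose path is my own choice, and the hash literal embedded for stand-alone runs is a constructed placeholder.

```shell
#!/bin/sh
# Added example: an /etc/grub.d/-style script that emits GRUB 2
# authentication directives. grub-mkconfig concatenates the stdout of
# these scripts into grub.cfg. Path and hash below are assumptions.
set -e

# Assumed location of the hash written by grub-mkpasswd-pbkdf2 (mode 0600).
HASH_FILE="${GRUB_PBKDF2_HASH_FILE:-/etc/grub.d/superuser.pbkdf2}"

# Accept only the grub.pbkdf2.sha512.<iterations>.<salt>.<hash> form, so a
# plain-text password pasted by mistake never reaches grub.cfg.
is_pbkdf2_hash() {
  case "$1" in
    grub.pbkdf2.sha512.[0-9]*.*.*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the fragment: one superuser and its PBKDF2 credential.
emit_grub_auth() {
  user="$1"
  hash="$2"
  if ! is_pbkdf2_hash "$hash"; then
    echo "refusing to emit a non-PBKDF2 value for $user" >&2
    return 1
  fi
  printf 'set superusers="%s"\n' "$user"
  printf 'password_pbkdf2 %s %s\n' "$user" "$hash"
}

# Constructed placeholder hash for stand-alone runs (not a real hash).
EXAMPLE_HASH='grub.pbkdf2.sha512.10000.0123456789ABCDEF.FEDCBA9876543210'

if [ -r "$HASH_FILE" ]; then
  read -r stored_hash < "$HASH_FILE"
  emit_grub_auth root "$stored_hash"
else
  emit_grub_auth root "$EXAMPLE_HASH"
fi
```

Install it executable in /etc/grub.d/ with a low number so it sorts before the menu-entry scripts, then run update-grub and confirm the two lines appear in /boot/grub/grub.cfg.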