LinuxQuestions.org
Old 10-18-2012, 07:45 PM   #1
LordOfer
LQ Newbie
 
Registered: Jul 2004
Location: Israel
Distribution: Fedora 2
Posts: 21

Rep: Reputation: 0
How Important is it to Password Protect Grub?


I have grub 2 with dual boot (Ubuntu + Win7). What is the worst damage someone can do to me by taking advantage of grub not being password protected? (Assuming I have no problem letting anyone attempt to log in on either Ubuntu or Win7)

Thanks!
Ofer
 
Old 10-18-2012, 07:57 PM   #2
odiseo77
Senior Member
 
Registered: Dec 2004
Location: Caracas, Venezuela
Distribution: Debian Sid, OpenSUSE 13.2
Posts: 1,147

Rep: Reputation: 506
IMO, if you trust the people who have physical access to this machine, then there's no point in using a grub password, since it is set to prevent anyone who doesn't know it from booting any installed OS. And even if you had a grub password set, anyone with physical access to the machine could easily use a live CD to bypass grub and access the files in the system.

Last edited by odiseo77; 10-18-2012 at 07:58 PM.
 
Old 10-18-2012, 08:42 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,374

Rep: Reputation: 2198
I think it is almost useless to password protect it unless this is in a kiosk locked enclosure.
 
Old 10-19-2012, 01:40 AM   #4
LordOfer
LQ Newbie
 
Registered: Jul 2004
Location: Israel
Distribution: Fedora 2
Posts: 21

Original Poster
Rep: Reputation: 0
Thanks guys.


Quote:
And even if you had a grub password set, anyone with physical access to the machine could easily use a live CD to bypass grub and access the files in the system.
The BIOS is password protected, and I assumed the enemy does not have time to actually take apart my computer.


The question is, can any damage be done through the "Grub Console"?
 
Old 10-19-2012, 01:48 AM   #5
WFV
Member
 
Registered: Apr 2012
Location: CA
Distribution: Arch
Posts: 66

Rep: Reputation: Disabled
Does password protecting the BIOS prevent booting from live medium?
 
Old 10-19-2012, 08:19 AM   #6
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,158
Blog Entries: 10

Rep: Reputation: 1968
Quote:
Originally Posted by WFV View Post
Does password protecting the BIOS prevent booting from live medium?
Generally, yes. But not on all machines.
Mine for instance where I set no USB devices in the boot list, if I stick a USB bootable in and reboot, it will boot off of it. Yes, I saved settings in the BIOS on the way out.
GIGABYTE GA-Z77-DS3H LGA 1155 Intel Z7 motherboard with American Megatrends BIOS, version unknown atm.
 
1 members found this post helpful.
Old 10-19-2012, 04:53 PM   #7
jefro
Moderator
 
Registered: Mar 2008
Posts: 15,374

Rep: Reputation: 2198
There is no real security if one has access to a system. Even too high of permissions could allow one to change bios settings from an OS. This is the thought behind the entire new bios scheme, to protect against this sort of attack.

One of the best tools I have seen is the hardware encryption that some laptops have. Unfortunately they have ways around a few of them.
 
1 members found this post helpful.
Old 10-22-2012, 09:32 PM   #8
WFV
Member
 
Registered: Apr 2012
Location: CA
Distribution: Arch
Posts: 66

Rep: Reputation: Disabled
Thanks

Thanks for replies on the BIOS password question
 
Old 10-22-2012, 11:24 PM   #9
weirdwolf
Member
 
Registered: Jun 2007
Location: 1 AU from a G2V star
Distribution: PCLinuxOS LXDE
Posts: 164

Rep: Reputation: 359
Quote:
Originally Posted by Habitual View Post
Generally, yes. But not on all machines.
Mine for instance where I set no USB devices in the boot list, if I stick a USB bootable in and reboot, it will boot off of it. Yes, I saved settings in the BIOS on the way out.
GIGABYTE GA-Z77-DS3H LGA 1155 Intel Z7 motherboard with American Megatrends BIOS, version unknown atm.
Greetings Habitual
Just curious, have you also reordered the boot order so it boots off the HDD first? If needed I can still hit F11 to get to a boot menu (MSI mobo) for USB or whatnot, but only after I type in the password. YMMV
 
Old 10-23-2012, 08:43 AM   #10
Habitual
LQ Addict
 
Registered: Jan 2011
Location: Youngstown, Ohio
Distribution: LM17.1/Xfce4.11.8
Posts: 7,158
Blog Entries: 10

Rep: Reputation: 1968
Quote:
Originally Posted by weirdwolf View Post
Greetings Habitual
Just curious, have you also reordered the boot order so it boots off the HDD first? If needed I can still hit F11 to get to a boot menu (MSI mobo) for USB or whatnot, but only after I type in the password. YMMV
weirdwolf:
I have only removed items from the boot list in BIOS
SATA0 (HD) and
SATA1 (DVD device) in that order.

Also on this board, if I press F12 ('boot from') I can 'see' all the USB and SATA devices in the 'boot list'. This includes the printer.

My Lenovo BIOS has a similar issue with the 3T WD storage device (not a bootable device).
If I plug it in during pre-POST, the machine hangs.

WD Support (Level 1?) said to "change the boot order in the BIOS" to which I replied "It's NOT marked bootable and isn't even in the 'boot list'."

He gave me a url for a firmware upgrade which made no difference.

I have NOT had that issue on the GIGABYTE GA-Z77-DS3H LGA 1155 Intel Z7 motherboard.

Have a Great Day!

Edit: I too use a PowerOnPassword for just such a reason.
There is no Security without physical security.
But nowadays, even a punk BIOS password means nothing if they want the data.
They'll just clone the target and boot up elsewhere and mount it.

Passwords make things difficult, not impossible.

Last edited by Habitual; 10-23-2012 at 08:51 AM.
 
Old 10-24-2012, 03:06 PM   #11
weirdwolf
Member
 
Registered: Jun 2007
Location: 1 AU from a G2V star
Distribution: PCLinuxOS LXDE
Posts: 164

Rep: Reputation: 359
Quote:
Originally Posted by Habitual View Post
weirdwolf:
Edit: I too use a PowerOnPassword for just such a reason.
There is no Security without physical security.
But nowadays, even a punk BIOS password means nothing if they want the data.
They'll just clone the target and boot up elsewhere and mount it.

Passwords make things difficult, not impossible.
Yep, a p.o.p. just keeps the mildly curious and the lazy out. If you were to be worried then some sort of full disk encryption may be a consideration thus negating any cloning or whatnot.
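
Added example, not part of the thread or any poster's code: a shell check of whether a GRUB 2 configuration actually restricts the console and entry editor that the original poster asks about. The sample config, the user name `admin`, the hash placeholder and the exit-code convention are all constructed for this example.

```shell
#!/bin/sh
# Audit a GRUB 2 config file for password protection.
# Exit status (this example's convention):
#   0 = superusers defined and password stored as a PBKDF2 hash
#   1 = no superusers: console and entry editing need no password
#   2 = needs attention: clear-text password, or no password directive
#   3 = file not readable
audit_grub_cfg() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 3; }

    # 'set superusers=...' is what restricts the command line and entry editor.
    if ! grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$cfg"; then
        echo "OPEN: no superusers defined; console and editing are unrestricted"
        return 1
    fi

    # Entries marked --unrestricted still boot without a password.
    open=$(grep -Ec '^[[:space:]]*menuentry[[:space:]].*--unrestricted' "$cfg" || true)
    echo "INFO: $open menu entries boot without a password (--unrestricted)"

    # 'password user secret' leaves the secret readable in the config file.
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$cfg"; then
        echo "WEAK: clear-text 'password' directive; use password_pbkdf2"
        return 2
    fi
    if grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]' "$cfg"; then
        echo "OK: superusers set with a PBKDF2 hash"
        return 0
    fi
    echo "CHECK: superusers set but no password directive in this file"
    return 2
}

# Constructed sample config (placeholder hash, not a real one).
sample=$(mktemp)
cat >"$sample" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER_HASH
menuentry 'Ubuntu' --unrestricted {
    linux /vmlinuz root=/dev/sda1
}
menuentry 'Windows 7' --users admin {
    chainloader +1
}
EOF
audit_grub_cfg "$sample"
rm -f "$sample"
```

As the replies above point out, a passing result only covers the boot menu; it says nothing about booting other media or reading an unencrypted disk.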
 