Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have grub 2 with dual boot (Ubuntu + Win7). What is worst damage someone can do to me by taking advantage of grub not being password protected? (Assuming I have no problem to let anyone attempt to login on either Ubuntu or Win7)
IMO, if you trust the people who have physical access to this machine, then there's no point in using a grub password, since it is set to avoid anyone who doesn't know it to boot any installed OS. And even if you had a grub password set, anyone with physical access to the machine could easily use a live CD to bypass grub and access the files in the system.
Last edited by Hungry ghost; 10-18-2012 at 06:58 PM.
And even if you had a grub password set, anyone with physical access to the machine could easily use a live CD to bypass grub and access the files in the system.
The BIOS is password protected, and I assumed the enemy does not have time to actually take apart my computer.
The question is, can any damage be done through the "Grub Console"?
does password protecting the bios prevent booting from live medium?
generally, yes. But not on all machines.
Mine for instance where I set no USB devices in the boot list, if I stick a USB bootable in and reboot, it will boot off of it. Yes, I saved settings in the BIOS on the way out. GIGABYTE GA-Z77-DS3H LGA 1155 Intel Z7 motherboard with American Megatrends BIOS, version unknown atm.
There is no real security if one has access to a system. Even too high of permissions could allow one to change bios settings from an OS. This is the thought behind the entire new bios scheme, to protect against this sort of attack.
One of the best tools I have seen is the hardware encryption that some laptops have. Unfortunately they have ways around a few of them.
generally, yes. But not on all machines.
Mine for instance where I set no USB devices in the boot list, if I stick a USB bootable in and reboot, it will boot off of it. Yes, I saved settings in the BIOS on the way out. GIGABYTE GA-Z77-DS3H LGA 1155 Intel Z7 motherboard with American Megatrends BIOS, version unknown atm.
Greetings Habitual
Just curious, have you also reordered the boot order so it boots off the HDD first ? if needed I can still hit f11 to get to a boot menu (MSI mobo) for usb or whatnot, but only after I type in the password. YMMV
Greetings Habitual
Just curious, have you also reordered the boot order so it boots off the HDD first ? if needed I can still hit f11 to get to a boot menu (MSI mobo) for usb or whatnot, but only after I type in the password. YMMV
weirdwolf:
I have only removed items from the boot list in BIOS
SATA0 (HD) and
SATA1(DVD device) in that order.
Also on this board, if I press F12 ('boot from') I can 'see' all the USB and SATA devices in the 'boot list'. This includes the printer.
My Lenovo BIOS has a similar issue with the 3T WD storage device (not a bootable device).
If I plug it in during pre-POST, the machine hangs.
WD Support (Level 1?) said to "change the boot order in the BIOS" to which I replied "It's NOT marked bootable and isn't even in the 'boot list'."
He gave me a url for a firmware upgrade which made no difference.
I have NOT had that issue on the GIGABYTE GA-Z77-DS3H LGA 1155 Intel Z7motherboard.
Have a Great Day!
Edit: I too use a PowerOnPassword for just such a reason.
There is no Security without physical security.
But now-a-days, even a punk BIOS password means nothing if they want the data.
They'll just clone the target and boot up elsewhere and mount it.
weirdwolf:
Edit: I too use a PowerOnPassword for just such a reason.
There is no Security without physical security.
But now-a-days, even a punk BIOS password means nothing if they want the data.
They'll just clone the target and boot up elsewhere and mount it.
Passwords makes things difficult, not impossible.
Yep, a p.o.p. just keeps the mildly curious and the lazy out. If you were to be worried then some sort of full disk encryption may be a consideration thus negating any cloning or whatnot.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.