On Fri, 2008-01-11 at 16:42 -0500, Robert P. J. Day wrote: > but here's something i just noticed that strikes me as weird -- if you > have a grub password, you'll need to enter it to edit the boot line, > but you *don't* need it to simply make a non-default selection. i > *think* i've just verified that, but if someone else wants to confirm > it, feel free. that seems like a security hole. If you want password protected menu items, you must put password commands into those stanzas. Either a "lock" command so you enter the password previously set. Or a password command to have individual passwords for different menu items. I do that for some of them (e.g. I have "boot from floppy" menu options, and "begrudgingly boot ye olde Windows," that I protect against), but leave other things fine (e.g. memtest can be run, different kernels for this Linux can be run, and I have a halt entry to turn off the box without having to hang onto the power button - useful if you accidentally rebooted instead of shutdown). -- [tim@bigblack ~]$ uname -ipr 2.6.23.12-52.fc7 i686 i386 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. ________________________________________________________________ If I wanted a hard time I would have used Windows...
