On Mon, Nov 30, 2009 at 16:39:05 -0500, Gene Czarcinski <gene@xxxxxxxxx> wrote: > > As I see it, the problem is that without a grub password, then an un- > privileged user can edit the command line to disable selinux or bootup in > single user mode. > > On the other hand, there is also "good enough" versus perfect. In a perfect > world, a user would (by default) be required to enter that password. In a > "good enough" world, have the option to set the password. If the threat model includes actively malicious people at the console, I'd rather see encrypted file systems than a grub password. (And that doesn't help if you don't realize that a malicious person may have had access and that you shouldn't trust the system any more.) -- Fedora-security-list mailing list Fedora-security-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-security-list