On Sat, Sep 23, 2006 at 07:45:03PM +0200, Ola Thoresen wrote: > It could ofcourse be made configureable, but then the same thing should > be done for the "Interactive boot". Then there are times when you need > it even if it is turned off in the config-file, so you would need to be > able to override it from grub, Adding a security measure in place that is overridable makes no sense. grub has to be hardened as well, if you harden the rest of the boot process. Unless you meant using grub with password protection, an authorized override is OK, of course. > and then my question is - what are the _real_ security gained from > this? Think of non-authorized persons sitting in front of the system, power-cycling it, and manipulating the system boot-up (examples are publicly exposed systems like student labs). -- Axel.Thimm at ATrpms.net
Attachment:
pgp4UqJd0MeYu.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
