Back to 28: Grub2 Authentication 0-Day (hmarco.org)
84 points by graystevens on Dec 16, 2015 | hide | past | favorite | 16 comments


Summarized nicely by @whitequark on Twitter:

the details of this are amazing. by pressing backspace you overflow a variable, which overwrites the return address with zero & jumps

the code at address zero Just Happens to be a valid self-modifying loop (!) that also Just Happens to jump somewhere into grub_rescue()
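The mechanism @whitequark describes (an input cursor that backspace decrements with no lower bound, so the terminator byte written on Enter lands in memory before the buffer) is easy to reproduce in miniature. The C program below is an added illustration, not GRUB's code: `struct frame`, the 16-byte regions and the key sequences are constructed for the demo, and the `adjacent` bytes merely stand in for whatever neighbours the buffer in a real stack frame. It puts the unchecked decrement beside the one-line clamp that fixes it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not GRUB's source. The "adjacent" bytes stand in
 * for whatever sits next to the input buffer in a real stack frame (such as a
 * saved return address); they are filled with 0xAA so a stray zero byte from
 * the reader is easy to spot. */
#define ADJ_LEN 16
#define BUF_LEN 16

struct frame {
    unsigned char adjacent[ADJ_LEN];
    char buf[BUF_LEN];
};

static void frame_init(struct frame *f)
{
    memset(f->adjacent, 0xAA, ADJ_LEN);
    memset(f->buf, 0, BUF_LEN);
}

/* Index of the first adjacent byte that is no longer 0xAA, or -1 if intact. */
static int adjacent_clobbered(const struct frame *f)
{
    for (int i = 0; i < ADJ_LEN; i++)
        if (f->adjacent[i] != 0xAA)
            return i;
    return -1;
}

/* Vulnerable reader: backspace moves the cursor back with no lower bound, so
 * the index goes negative and the terminator written on Enter lands before
 * the buffer. Returns the final cursor so the caller can see how far it went.
 * The writes are clipped to the enclosing struct only so that the demo itself
 * stays within one object; the real code had no such net. */
static int read_line_vulnerable(struct frame *f, const char *keys)
{
    int cur_len = 0;
    for (const char *k = keys; *k; k++) {
        if (*k == '\b')
            cur_len--;                       /* BUG: no "cur_len > 0" check */
        else if (*k == '\n')
            break;
        else if (cur_len >= 0 && cur_len < BUF_LEN - 1)
            f->buf[cur_len++] = *k;          /* ">= 0" is demo safety only */
    }
    ptrdiff_t off = (ptrdiff_t)offsetof(struct frame, buf) + cur_len;
    if (off >= 0 && off < (ptrdiff_t)sizeof *f)
        ((char *)f)[off] = '\0';             /* zero byte may hit "adjacent" */
    return cur_len;
}

/* Hardened reader: the cursor never moves before the start of the buffer, so
 * the terminator always lands inside buf. */
static int read_line_fixed(struct frame *f, const char *keys)
{
    int cur_len = 0;
    for (const char *k = keys; *k; k++) {
        if (*k == '\b') {
            if (cur_len > 0)                 /* FIX: clamp at the start */
                cur_len--;
        } else if (*k == '\n') {
            break;
        } else if (cur_len < BUF_LEN - 1) {
            f->buf[cur_len++] = *k;
        }
    }
    f->buf[cur_len] = '\0';
    return cur_len;
}

/* Drive one reader over a key sequence on a fresh frame; report the cursor. */
static int final_cursor(int hardened, const char *keys)
{
    struct frame f;
    frame_init(&f);
    return hardened ? read_line_fixed(&f, keys) : read_line_vulnerable(&f, keys);
}

/* Same drive, but report which adjacent byte (if any) got zeroed. */
static int clobbered_index(int hardened, const char *keys)
{
    struct frame f;
    frame_init(&f);
    if (hardened) read_line_fixed(&f, keys); else read_line_vulnerable(&f, keys);
    return adjacent_clobbered(&f);
}

int main(void)
{
    /* Constructed key sequence: two characters, five backspaces, then Enter. */
    const char *keys = "ab\b\b\b\b\b\n";
    printf("vulnerable: cursor=%d, clobbered adjacent byte=%d\n",
           final_cursor(0, keys), clobbered_index(0, keys));
    printf("hardened:   cursor=%d, clobbered adjacent byte=%d\n",
           final_cursor(1, keys), clobbered_index(1, keys));
    return 0;
}
```

With the constructed sequence the vulnerable reader finishes at cursor -3 and zeroes `adjacent[13]`, while the hardened one stays at 0 and leaves the neighbouring bytes untouched. The clamp is the whole fix; the audit question for any such reader is simply whether every path that moves the cursor backwards also checks it cannot pass the start.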


If an attacker is sitting at the machine, they already have full control of the system. They can easily pull the hard drive, image it, or do any number of things to it to bypass authentication. The bootloader isn't going to stop this kind of attack in the slightest.

The only place where a bootloader can defend is when it's on a virtual environment and the user can interact, but even then, if the user is interacting during grub startup, they probably have root access as it is.


> If an attacker is sitting at the machine, they already have full control of the system. The bootloader isn't going to stop this kind of attack in the slightest.

You can have physical protection, like locks. And you can disable boot sources. So of course this password protection can make attacks much more difficult.


> If an attacker is sitting at the machine, they already have full control of the system.

You don't have to be physically in front of the machine to access the bootloader. You could be controlling a physical machine via KVMoIP and/or as you mention it could be a virtual machine to which you similarly have pre-boot control.

In both cases it would take at least one other exploit to get into the position where you could consider using this one, and maybe that exploit gives you full access anyway. But even though it is unlikely that this is going to be actually useful to attackers, it is possible it could play a role in a chain of exploits culminating in an effective attack.


Remote console access also exists outside of virtual environments. Yes, getting it means the attackers already got somewhere they shouldn't, but it isn't necessarily easy to exploit outside of DoS attacks.


This almost sounds like a joke. Walk up to a Linux system using grub from anytime in the last six years, hit the backspace key 28 times and system is pwned. Just ... wow.


There was a similar bug in the Ubuntu lock screen a while ago: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1308572

  When the screen is locked with password, if I hold ENTER after some
  seconds the screen freezes and the lock screen crashes. After that I
  have the computer fully unlocked.


I don't think using a bootloader password is a very common way of (attempting to) secure a computer. At least I have never used it nor thought it could actually secure my computer (at least without locking out the bios/uefi to allow booting from other media and enabling secure boot).

So on any of my PCs, you could just press F10 to get access to the grub rescue shell.

I think that bios/uefi passwords and disk encryption are much more commonly used to prevent unauthorized access to an intruder with physical access to the computer when it boots.


More likely "Walk up to a Linux system and find this issue isn't even relevant as a bootloader password is not even configured in the first place"


> Note that since /bin/bash is the first process to run, the syslog daemon is not running, and so, logs are not recorded. That is, this access will not be detected using normal Linux monitoring.


That's why you want encrypted root file systems. Less convenient but much more secure.



Grub is absolutely horrendous code, I implore anyone to look at the source of what you are/will use and make choices based on that.


For my own silly reasons, I never cared for Grub[12] and never used it on any of my systems. I always go out of my way to avoid it. Finally I have some justification.

Time to start fuzzing other bootloaders.


I think this is just +1 "silly reason". Did you ever rely on an authentication feature of a bootloader?


No. The reasons I always disliked Grub have nothing to do with this "feature"; in fact I was not even aware it existed. Nevertheless, I agree with you.



