Written by Prosthetic Head the 31 Dec 09 at 01:43.
By default GRUB / GRUB2 will allow anyone who walks up to the computer to select 'Recovery Mode' and gain root privileges. This is clearly insecure. There are also some circumstance in which a failed boot (eg fsck error) drops to a root shell. This is also highly insecure behaviour and should not be the default.
The 'recovery mode' boot option vulnerability is already widely known and reported all over the web. I understand that some users may forget their password but the rest of us should not have our security compromised for their convenience.
Not to bag microsoft too much, but if your idea could be implimented then they would have made it extreamly difficult for us to install the OS of choice. We can get into most systems with a live cd of knoppix of ubuntu or maybe other OSs too.
I would suggest for your personal system to have a boot password on your bios, so the person would need to wipe the cmos if they did not know the boot password.. Please remember, Locks keep honest people out.