You have been subscribed to a public bug by Marc Deslauriers (mdeslaur):

Binary package hint: grub2

In a clean installation of Ubuntu (and its derivative Kubuntu), local users can 
get local root access to the machine using the Recovery Console. Also, in the 
Grub menu a user can edit the properties of the Ubuntu entry to be run and also 
get local root access. We don't look at the situation with no root password. 
But Grub menu entries and editing of boot options should be password protected.
In particular, a superuser should be defined in /etc/grub.d/10_headers, and in 
/etc/grub.d/10_linux a change like this should be made:

  if ${recovery} ; then
    title="$(gettext_quoted "%s, with Linux %s (recovery mode)")"
    printf "menuentry '${title}' ${CLASS} --users superman {\n" "${os}" "${version}"
  else
    title="$(gettext_quoted "%s, with Linux %s")"
    printf "menuentry '${title}' ${CLASS} {\n" "${os}" "${version}"
  fi
  
This is important for Ubuntu installations in, in particular, educational 
institutions, for protection from vandals.
Also, password setting for Grub should be provided by the installer, and there 
should be CLI (and possibly GUI) tools for changing the Grub2 password.

** Affects: grub2 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Security issue in default installation
https://bugs.edge.launchpad.net/bugs/631315
You received this bug notification because you are a member of Ubuntu Bugs, 
which is a direct subscriber.

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
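
A check for the configuration the report asks for, as an added example that is not part of the original report or of GRUB: it audits a generated grub.cfg for a superuser, a password (preferably hashed), and protected recovery entries. The function name, finding codes and sample configs are constructed; the user name superman is the report's, and requiring --users on recovery entries is an assumption that follows the report's scheme.

```shell
#!/bin/sh
# Prints one finding code per line; returns 1 if anything was found.
audit_grub_cfg() {
    cfg=$1; rc=0
    # Without a superuser GRUB enforces no authentication, so anyone at the
    # console can edit an entry or open the GRUB command line.
    if ! grep -Eq '^[[:space:]]*(set[[:space:]]+)?superusers=' "$cfg"; then
        echo NO_SUPERUSER; rc=1
    fi
    # The superuser needs a password; password_pbkdf2 keeps it hashed on disk.
    if ! grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]' "$cfg"; then
        echo NO_PASSWORD; rc=1
    elif grep -Eq '^[[:space:]]*password[[:space:]]' "$cfg"; then
        echo PLAINTEXT_PASSWORD; rc=1
    fi
    # Assumption (the report's scheme): a recovery entry counts as protected
    # only if it carries --users and is not marked --unrestricted.
    n=$(awk '/^[ \t]*menuentry[ \t]/ && /recovery mode/ &&
             (!/--users[ \t]/ || /--unrestricted/) { n++ } END { print n+0 }' "$cfg")
    if [ "$n" -gt 0 ]; then echo "OPEN_RECOVERY_ENTRIES=$n"; rc=1; fi
    return $rc
}
sample_weak() {       # constructed input: entries with no authentication
cat <<'EOF'
menuentry 'Ubuntu, with Linux X.Y.Z' --class ubuntu {
}
menuentry 'Ubuntu, with Linux X.Y.Z (recovery mode)' --class ubuntu {
}
EOF
}
sample_hardened() {   # constructed input: superuser, hashed password, --users
cat <<'EOF'
set superusers="superman"
password_pbkdf2 superman grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Ubuntu, with Linux X.Y.Z' --class ubuntu {
}
menuentry 'Ubuntu, with Linux X.Y.Z (recovery mode)' --class ubuntu --users superman {
}
EOF
}
# Demo: audit both constructed configs.
tmp=$(mktemp)
for s in sample_weak sample_hardened; do
    $s > "$tmp"; echo "== $s"; audit_grub_cfg "$tmp" || true
done
rm -f "$tmp"
```

On a real system, point audit_grub_cfg at the generated /boot/grub/grub.cfg; the hash for password_pbkdf2 is produced with grub-mkpasswd-pbkdf2.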