Public bug reported: TL;DR When my laptops is stolen, people can choose the recovery option from grub startup menu, select the root terminal and createa a privileged user.
FIX: My proposed fix: When choosing the root terminal ask for the local password for the local root privileged account. If someone tries to create another account to 'steal' data? One still needs a password Long story http://askubuntu.com/q/676545/36315 I messed up my Ubuntu, I only got a black when booting my Ubuntu. When I started up my laptop, I selected the recovery option from the grub menu, and choose fallback at root terminal. I saw that I was able to use the add user command, which I probably could turn into a privileged user on my machine. Isn't that a security issue? One could have stolen my laptop, and at startup chose recovery and add another user, I'm fudged then. Including my data. Come to think of it, even if you somehow remove that entry, one could boot from a live-CD, get a chroot up and running, and then add another user, with the right privileges that allows it to muck everything up. If I set the BIOS to boot at my HD only, no USB, CD/DVD, Network startup. And set a BIOS password, it still wouldn't matter. Because you'd still have that grub recovery startup entry. I am fairly certain that someone from China, Russia can't just hack my Ubuntu Trusty Tahr, because it's secure like that. But, if one has physical access to my - your - machine, then, well, that's why I'm asking this question. How can I secure my machine so that hacking through physical access is not possible? ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: grub (not installed) ProcVersionSignature: Ubuntu 3.19.0-28.30~14.04.1-generic 3.19.8-ckt5 Uname: Linux 3.19.0-28-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.13 Architecture: amd64 CurrentDesktop: Unity Date: Mon Sep 21 11:02:01 2015 InstallationDate: Installed on 2015-09-09 (12 days ago) InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805) SourcePackage: grub UpgradeStatus: No upgrade log present (probably fresh install) ** Affects: grub (Ubuntu) Importance: Undecided Status: New ** Tags: amd64 apport-bug trusty -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1497909 Title: grub's root terminal in the recovery menu, makes it possible for physical hacking. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/grub/+bug/1497909/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
