Hi,

You may already know this, but I thought I should try and raise awareness since it has affected someone I work with and the fix should be fairly simple:

By default GRUB / GRUB2 will allow anyone who walks up to the computer to select 'Recovery Mode' and gain root privileges. This is clearly insecure. There are also some circumstances in which a failed boot (e.g. fsck error) drops to a root shell. This is also highly insecure behaviour and should not be the default.

The 'recovery mode' boot option vulnerability is already widely known and reported all over the web. I understand that some users may forget their password, but the rest of us should not have our security compromised for their convenience.

GRUB / GRUB2 should be password protected by the installer by default, either using the primary user's details or requesting another set of login details for GRUB. I understand that GRUB and GRUB2 have this support already and integration with the installer is all that would be required.

Instead of dropping to a root shell directly on boot failure, the primary user's password should be required. I have no idea whether this would be easy to implement or not.

Giving root access to anyone local to the machine as freely as Ubuntu currently does is a very bad idea and needs attention.

Thanks for taking the time to read this,

Crispin

PS: I've also posted this on the Ubuntu brainstorm site here: http://brainstorm.ubuntu.com/idea/23182/

--
Quote of the [period of time 'till I change it]: “Isn't it enough to see that the garden is beautiful, without having to believe there are fairies at the bottom of it too?.” - Douglas Adams.
--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
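An added example, not part of the original message and not GRUB or Ubuntu code: a small audit that reads a GRUB2 `grub.cfg` and reports whether the recovery entry described above can be booted without a password. The sample configs, the user name `admin` and the hash placeholder are constructed; the check relies on GRUB2's `superusers`, `password`/`password_pbkdf2` and `--unrestricted` settings.

```python
import re

# Constructed sample grub.cfg fragments (not from a real system).
UNPROTECTED = """
menuentry 'Ubuntu' --class ubuntu {
    linux /vmlinuz root=/dev/sda1 ro quiet
}
menuentry 'Ubuntu (recovery mode)' --class ubuntu {
    linux /vmlinuz root=/dev/sda1 ro recovery nomodeset
}
"""
# PLACEHOLDER stands in for a hash produced by grub-mkpasswd-pbkdf2.
PROTECTED = """
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Ubuntu' --class ubuntu --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro quiet
}
menuentry 'Ubuntu (recovery mode)' --class ubuntu {
    linux /vmlinuz root=/dev/sda1 ro recovery nomodeset
}
"""

ENTRY = re.compile(r"^\s*menuentry\s+(['\"])(.*?)\1([^{]*)\{(.*?)^\s*\}", re.M | re.S)

def audit_grub_cfg(text):
    """Return findings about unauthenticated access in a GRUB2 config."""
    findings = []
    m = re.search(r'^\s*set\s+superusers="([^"]*)"', text, re.M)
    # GRUB accepts spaces, commas, semicolons, pipes or ampersands as separators.
    superusers = {u for u in re.split(r"[ ,;|&]+", m.group(1)) if u} if m else set()
    with_password = set(re.findall(r"^\s*password(?:_pbkdf2)?\s+(\S+)", text, re.M))
    if not superusers:
        findings.append("no superusers: menu editing and GRUB shell are open")
    for user in sorted(superusers - with_password):
        findings.append(f"superuser {user!r} has no password entry")
    for _quote, title, opts, body in ENTRY.findall(text):
        # Single-user boots are recognised by the kernel arguments, not the title.
        recovery = re.search(r"^\s*linux\S*\s.*\b(recovery|single)\b", body, re.M)
        # With superusers set, an entry needs auth unless marked --unrestricted.
        if recovery and (not superusers or "--unrestricted" in opts):
            findings.append(f"recovery entry {title!r} boots without authentication")
    return findings

if __name__ == "__main__":
    for name, cfg in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        print(name, audit_grub_cfg(cfg) or "no findings")
```

This covers only the boot menu; the root shell on a failed boot mentioned in the message is outside what a GRUB password controls.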