Security vulnerabilities in default Ubuntu install boot process
Crispin Cooper
propanone at gmail.com
Thu Dec 31 01:49:24 UTC 2009
Hi,
You may already know this, but I thought I should try and raise awareness
since it has affected someone I work with and the fix should be fairly
simple:
By default GRUB / GRUB2 will allow anyone who walks up to the computer to
select 'Recovery Mode' and gain root privileges. This is clearly insecure.
There are also some circumstances in which a failed boot (e.g. fsck error)
drops to a root shell. This is also highly insecure behaviour and should not
be the default.
The 'recovery mode' boot option vulnerability is already widely known and
reported all over the web. I understand that some users may forget their
password but the rest of us should not have our security compromised for
their convenience.
GRUB / GRUB2 should be password protected by the installer by default,
either using the primary user's details or requesting another set of login
details for GRUB. I understand that GRUB and GRUB2 have this support already
and integration with the installer is all that would be required.
Instead of dropping to a root shell directly on boot failure the primary
user's password should be required. I have no idea whether this would be easy
to implement or not.
Giving root access to anyone local to the machine as freely as Ubuntu
currently does is a very bad idea and needs attention.
Thanks for taking the time to read this,
Crispin
ps: I've also posted this on the ubuntu brainstorm site here:
http://brainstorm.ubuntu.com/idea/23182/
--
Quote of the [period of time 'till I change it]:
“Isn't it enough to see that the garden is beautiful, without having to
believe there are fairies at the bottom of it too?” - Douglas Adams.
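
An added example, not part of the original message: a small shell audit of a GRUB2 configuration for the condition the message describes (no boot-menu authentication, so 'Recovery Mode' is open to anyone at the console). It assumes GRUB2 syntax (`set superusers`, `password` / `password_pbkdf2`, `--unrestricted`) and Ubuntu-style "(recovery mode)" entry titles; the function name and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a GRUB2 grub.cfg for boot-menu authentication.
# Returns 0 = protected, 1 = findings, 2 = file unreadable.
audit_grub_cfg() {
    cfg=$1; rc=0
    [ -r "$cfg" ] || { echo "ERROR: cannot read $cfg"; return 2; }
    # Without superusers, anyone at the console can boot or edit any entry.
    if ! grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$cfg"; then
        echo "FAIL: no 'set superusers='; menu, editor and console are open"
        rc=1
    fi
    # The superuser needs a password or password_pbkdf2 directive.
    if ! grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]' "$cfg"; then
        echo "FAIL: no password or password_pbkdf2 directive"
        rc=1
    elif grep -Eq '^[[:space:]]*password[[:space:]]' "$cfg"; then
        echo "WARN: plaintext 'password' directive; password_pbkdf2 stores a hash"
    fi
    # A recovery entry marked --unrestricted still boots without a password.
    open=$(awk '/^[ \t]*menuentry[ \t]/ && tolower($0) ~ /recovery mode/ &&
                /--unrestricted/ { n++ } END { print n + 0 }' "$cfg")
    if [ "$open" -gt 0 ]; then
        echo "FAIL: $open recovery entry(ies) marked --unrestricted"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: boot menu requires authentication"
    return "$rc"
}
# Constructed sample configs (not from a real system); names are placeholders.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/default.cfg" <<'EOF'
menuentry "Ubuntu, Linux X.Y.Z-generic" {
    linux /boot/vmlinuz-X.Y.Z-generic root=/dev/sda1 ro quiet splash
}
menuentry "Ubuntu, Linux X.Y.Z-generic (recovery mode)" {
    linux /boot/vmlinuz-X.Y.Z-generic root=/dev/sda1 ro single
}
EOF
cat > "$tmp/locked.cfg" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER_HASH
menuentry "Ubuntu, Linux X.Y.Z-generic" --unrestricted {
    linux /boot/vmlinuz-X.Y.Z-generic root=/dev/sda1 ro quiet splash
}
menuentry "Ubuntu, Linux X.Y.Z-generic (recovery mode)" {
    linux /boot/vmlinuz-X.Y.Z-generic root=/dev/sda1 ro single
}
EOF
for f in default locked; do audit_grub_cfg "$tmp/$f.cfg" || true; done
```

On a real system the function would be pointed at the generated configuration, typically `/boot/grub/grub.cfg`, read as root. It does not cover the second issue in the message, the root shell offered after a failed boot, which is not controlled by GRUB.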