Security vulnerabilities in default Ubuntu install boot process
Dustin Kirkland
kirkland at canonical.com
Mon Jan 4 14:13:18 UTC 2010
On Mon, Jan 4, 2010 at 6:06 AM, Patrick Freundt
<patrick.freundt at googlemail.com> wrote:
> On Mon, Jan 4, 2010 at 12:43 PM, Martin Pitt <martin.pitt at ubuntu.com> wrote:
>
>> > This is clearly insecure.
>
>> Not really:
>
> Yes.
>
> And I would hope for a wiki article that explains how encrypted
> filesystems protect you from these risks, instead of attempting to
> argue whether these risks exist.
Such articles abound.
One such article discussing in great detail how you might encrypt your
home directory in Ubuntu is here:
* http://www.linux-mag.com/cache/7568/1.html
Beyond this, you can use the Server or the Alternate installer to
encrypt your entire drive using LVM.
* https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto
And I agree with the security team's assessment -- if an attacker has
physical access to your hard drive, encryption is your only real
protection. Adding a password to Grub/Grub2 simply means that the
attacker needs to have a screwdriver at their disposal.
:-Dustin
More information about the Ubuntu-devel-discuss
mailing list