Security vulnerabilities in default Ubuntu install boot process

Dustin Kirkland kirkland at canonical.com
Mon Jan 4 14:13:18 UTC 2010


On Mon, Jan 4, 2010 at 6:06 AM, Patrick Freundt
<patrick.freundt at googlemail.com> wrote:
> On Mon, Jan 4, 2010 at 12:43 PM, Martin Pitt <martin.pitt at ubuntu.com> wrote:
>
>> > This is clearly insecure.
>
>> Not really:
>
> Yes.
>
> And I would hope for a wiki article that explains how encrypted
> filesystems protect you from these risks, instead of attempting to
> argue whether these risks exist.

Such articles abound.

One such article discussing in great detail how you might encrypt your
home directory in Ubuntu is here:
 * http://www.linux-mag.com/cache/7568/1.html

Beyond this, you can use the Server or the Alternate installer to
encrypt your entire drive using LVM.
 * https://help.ubuntu.com/community/EncryptedFilesystemLVMHowto

And I agree with the security team's assessment -- if an attacker has
physical access to your hard drive, encryption is your only real
protection.  Adding a password to Grub/Grub2 simply means that the
attacker needs to have a screwdriver at their disposal.

:-Dustin




More information about the Ubuntu-devel-discuss mailing list