eamonn.sullivan at gmail.com
Thu Jul 14 08:54:22 CDT 2005
On 14/07/05, Brett Profitt <brett at narnarnar.com> wrote:
> While on this subject, I must point out that "recovery mode" is wickedly
> insecure. I nearly fell out of my chair when I saw it automatically log
> in *as root* with *no password*. I understand WHY this happens, but
> that does not make it any less insecure.
> Most of the "solutions" I've seen consider locking grub to be the best
> option, which, in my mind, is completely out of the question. Are there
> any plans to correct this gaping security hole in Breezy?
I don't believe this is a security hole. If someone can walk up to the
keyboard of your computer, it's theirs. Adding a password or something
during recovery mode would just give the illusion of greater security
and complicate disaster recovery for newbies.
More information about the ubuntu-devel