[ubuntu-in] bug or what ?? logging into recovery mode without password
Ramnarayan.K
ramnarayan.k at gmail.com
Sat Feb 2 14:11:00 GMT 2008
Hi
Am not sure what the reason for this access "without password" to the
root / recovery boot option is - but its a flaw
in the first place why have any password if it can be circumvented by
logging on as root
second no where during the (very easy) install does it give the option
for a root password
third - even if its a stand alone machine the reason the passwrod
exists is to have some basic precaution from allowing "anyone" to
access the machine.
Fourth on a network (a basic one) where many machines are standalone
units with independent booting etc i shudder at the implications of
this flawed root access to the computer.
Of course there are many hacks into a machine but this flaw is really
a basic oversight and i guess needs to be addressed,
we complain about the basic M$ windoze setup being insecure - this
Ubuntu configuration is not dissimilar
so do i file a bug report, a security flaw or what - and where.
thanks
ram
On 1/4/08, Mehul Ved <mehul.n.ved at gmail.com> wrote:
> On 1/4/08, ramnarayan.k at gmail.com <ramnarayan.k at gmail.com> wrote:
> > So is this a bug, and security hole or what. Does this need to be reported
>
> It's what is called single user mode. This is how it is.
> No one can exploit it unless they have physical access to the machine.
> If you want to avoid people having physical access to the machine to
> be unable to exploit this then set GRUB password.
>
> --
> ubuntu-in mailing list
> ubuntu-in at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-in
>
More information about the ubuntu-in
mailing list