[ubuntu-in] bug or what ?? logging into recovery mode without password
Gaurav Shah
freedomyug at gmail.com
Sat Feb 2 16:25:57 GMT 2008
>
>
> we complain about the basic M$ windoze setup being insecure - this
> Ubuntu configuration is not dissimilar
>
> so do i file a bug report, a security flaw or what - and where.
>
> thanks
> ram
>
> On 1/4/08, Mehul Ved <mehul.n.ved at gmail.com> wrote:
> > On 1/4/08, ramnarayan.k at gmail.com <ramnarayan.k at gmail.com> wrote:
> > > So is this a bug, and security hole or what. Does this need to be
> reported
> >
> > It's what is called single user mode. This is how it is.
> > No one can exploit it unless they have physical access to the machine.
> > If y>
> > --
> > ubuntu-in mailing list
> > ubuntu-in at lists.ubuntu.com
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-in
> >
>
> --
> ubuntu-in mailing list
> ubuntu-in at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-in
> ,ou want to avoid people having physical access to the machine to
> > be unable to exploit this then set GRUB password.
>
I believe, not only ubuntu, but for any linux distro , if you dont setup a
bootloader password on your machine
, its very easy to get admin access and run any of the commands from the
single user mode.
Its a common practice by linux admins to use single user mode to recover
lost root password.
If you are concerned about physical security, you MUST setup bootloaded
password.
Similarly, its also possible to boot using boot cds and mount partitions on
your system and access data without caring about the permissions etc.
So what you say is a flaw, is in my opinion should be addresses under
physical security.
thanks
gshah
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.ubuntu.com/archives/ubuntu-in/attachments/20080202/dccdc302/attachment.htm
More information about the ubuntu-in
mailing list