Ubuntu security hole? (not super major, but wondering if it is an issue to report)

Chanchao custom at freenet.de
Tue May 9 04:04:18 UTC 2006


I may have discovered a security issue with Ubuntu.

What happened was this. After logging into gdm, Gnome had trouble
opening a bunch of panel applets.  "Error while loading
OAFIID:GNOME_ClockApplet" and pretty much every other applet. Things
were just weird, also applications didn't start, etc. Then I logged out
planning to log in again, but X failed to start.

Upon reboot, it showed that the /root file system was corrupted and
needed to be checked, and it proceeded to check that. However, then it
encountered something that could not be corrected automatically and
suggested to run the fsck command manually. ("Inodes that were part of a
corrupted orphan linked list found.")

HOWEVER, at this point it put me straight into a root shell!
'root@ubuntu #' So it did not prompt for a root password (obviously,
as there is none) but it also did not prompt for my own password. Of
course it wouldn't know which username in the sudoers list to pick (in
my case there's only one), but the result was that the system opened
itself up with complete root access to whoever was sitting at the
keyboard. That's got to be a security hole for people who set up Ubuntu
to run for restricted users, locked up Grub with a password, physically
secured the computer, etc.

So I guess what should happen in such a case is not dump the user
straight into a root shell, but a regular login prompt or at the very
least let the user enter who he is, check that he's in the sudoers list
and check for the password.  

Or, if all that isn't available because that's ALSO corrupted or
otherwise not readable then perhaps it should force the user to go back
to (the secured) Grub and enter a password there before being allowed to
boot into recovery mode?  

I guess that would be the best solution. Instead of just opening up a root
shell to whoever is at the keyboard, the system should force the user to go
into recovery mode, which can be secured in Grub.

If everyone agrees that the above behaviour is not ideal then I will
file a bug report, but would like some opinions first.

(BTW, after running fsck manually everything cleared up and went back to
normal.)

Cheers,
Chanchao
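
A check of the two controls the message names, the root password and the Grub password, as an added example that is not part of the original post. It assumes shadow(5) format and GRUB legacy menu.lst syntax; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Inputs are file contents passed
# as text, so the checks run on the constructed samples below.

# Print how root's password field in shadow(5) text reads:
# "locked" (starts with ! or *), "empty", "set", or "missing".
root_pw_state() {
    printf '%s\n' "$1" | awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "") print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else print "set"
            exit
        }
        END { if (!found) print "missing" }'
}

# Succeed if GRUB legacy menu.lst text has an uncommented global "password"
# directive, i.e. one that appears before the first "title" entry.
grub_has_password() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*title([ \t]|$)/ { exit }
        /^[ \t]*password([ \t=]|$)/ { ok = 1; exit }
        END { exit (ok ? 0 : 1) }'
}

# Verdict: "ok" = root has a password that a maintenance prompt could demand;
# "partial" = Grub is locked but root has no usable password, the setup the
# post describes; "exposed" = neither control is in place.
maintenance_shell_exposure() {
    case "$(root_pw_state "$1")" in
        set) echo ok ;;
        *) if grub_has_password "$2"; then echo partial; else echo exposed; fi ;;
    esac
}

# Constructed samples: a locked root entry, and a menu.lst whose only
# "password" line is a commented-out template.
SAMPLE_SHADOW='root:!:13277:0:99999:7:::
alice:$1$constructed$hashvalue:13277:0:99999:7:::'
SAMPLE_MENU='default 0
timeout 3
# password topsecret
title Ubuntu
root (hd0,0)'

maintenance_shell_exposure "$SAMPLE_SHADOW" "$SAMPLE_MENU"   # prints: exposed
```
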




