Ubuntu security hole? (not super major, but wondering if it is an issue to report)
Alan McKinnon
alan at linuxholdings.co.za
Tue May 9 13:38:00 UTC 2006
On Tuesday 09 May 2006 06:04, Chanchao wrote:
> I may have discovered a security issue with Ubuntu..
>
> What happened was this. After logging into gdm, Gnome had trouble
> opening a bunch of panel applets. "Error while loading
> OAFIID:GNOME_ClockApplet" and pretty much every other applet.
> Things were just weird, also applications didn't start, etc. Then I
> logged out planning to log in again, but X failed to start.
>
> Upon reboot, it showed that the /root files system was corrupted
> and needed to be checked, and it proceeded to check that. However,
> then it encountered something that could not be corrected
> automatically and suggested to run the fsck command manually.
> ("Inodes that were part of a corrupted orphan linked list found.")
>
> HOWEVER, at this point it put me straight into a root shell!
Chances are this will have been answered by the time you get this, but
here goes anyway:
This only looks like a security hole, but there's no alternative.
fsck failed on /, therefore /etc/shadow cannot be read reliably,
therefore asking for a password to confirm login is nonsensical. Your
only option is to drop to a root shell to fix it. To do anything with
it, you have to be at a local console with physical access. Once you
have physical access, all security bets are off anyway - you can boot
into init 1 from grub, stick a LiveCD in the drive or do any one of a
number of things to gain full unrestricted access.
--
If only me, you and dead people understand hex,
how many people understand hex?
Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five
More information about the ubuntu-users
mailing list