Ubuntu security hole? (not super major, but wondering if it is an issue to report)
Mike Bird
mgb-ubuntu at yosemite.net
Tue May 9 15:22:16 UTC 2006
On Tuesday 09 May 2006 02:03, Dick Davies wrote:
> On 09/05/06, Matthew R. Dempsky <mrd at alkemio.org> wrot
> > However, I see nothing wrong with being able to configure the kernel not
> > to drop to a shell in case of an error. Then grub could be configured
> > by default to boot a kernel configured as such; if an error occurs,
> > reboot, enter your grub password to temporarily edit the kernel options,
> > and get your root shell to fix things.
>
> What would be the point? It would'nt stop an attacker with physical access
> (they'd just pull the drive and blank the passwords. I know I do),
> it'd just make
> forgetting the root/sudo password more irritating.
Keyboard/mouse/monitor access does not imply removable media access.
I have worked where most programmers had keyboard/mouse/monitor remote access
but no physical access to the secure computer room. Programmers could reboot
a system when necessary but not use removable media to become root.
If Ubuntu is to be a possibility in many corporate and government situations,
it would be best not to open new security holes.
--Mike Bird
More information about the ubuntu-users
mailing list