Ubuntu security hole? (not super major, but wondering if it is an issue to report)
Florian Diesch
diesch at spamfence.net
Fri May 12 14:27:23 UTC 2006
Alan McKinnon <alan at linuxholdings.co.za> wrote:
> On Tuesday 09 May 2006 06:04, Chanchao wrote:
>> I may have discovered a security issue with Ubuntu..
>>
>> What happened was this. After logging into gdm, Gnome had trouble
>> opening a bunch of panel applets. "Error while loading
>> OAFIID:GNOME_ClockApplet" and pretty much every other applet.
>> Things were just weird, also applications didn't start, etc. Then I
>> logged out planning to log in again, but X failed to start.
>>
>> Upon reboot, it showed that the /root files system was corrupted
>> and needed to be checked, and it proceeded to check that. However,
>> then it encountered something that could not be corrected
>> automatically and suggested to run the fsck command manually.
>> ("Inodes that were part of a corrupted orphan linked list found.")
>>
>> HOWEVER, at this point it put me straight into a root shell!
>
> Chances are this will have been answered by the time you get this, but
> here goes anyway:
>
> This only looks like a security hole, but there's no alternative.
>
> fsck failed on /, therefore /etc/shadow cannot be read reliably,
> therefore asking for a password to confirm login is nonsensical. Your

Asking for a password is what AFAIK most other distributions do in this
case (something like "Give root password for maintenance or press Ctrl-D
to continue the boot process"). If authentication doesn't work you have to
reboot. If / is damaged chances are that the binaries you need to
repair the system are damaged too.

IMHO Ubuntu should either ask for a username and password or ask the
user to boot from another medium and halt the system.

This of course is one of the cases where there's a trade-off between
security and usability. But I think Ubuntu should go with security here
as the impact on usability isn't that big but security is only as good
as the weakest link.

> only option is to drop to a root shell to fix it. To do anything with
> it, you have to be at a local console with physical access. Once you
> have physical access, all security bets are off anyway - you can boot
> into init 1 from grub, stick a LiveCD in the drive or do any one of a
> number of things to gain full unrestricted access.

In any environment where security matters these actions are password
protected.

Florian
--
Emacs is both the hottest and the coolest editor of all.
[David Kastrup in <85bquyk0y4.fsf at lola.goethe.zz>]