Sudo and USB flash drives

Bill Stanley bstanle at
Sat Aug 18 17:18:13 UTC 2012


When I was repartitioning my HD and booting a USB flash drive, I found 
what may be a security flaw with sudo.  This problem might not affect 
computers with Linux installed, so this might not be a problem.  It goes 
as follows...

I booted off the USB flash drive and opened a terminal window.  Once I 
got a command line I entered "sudo gparted".  Next sudo asked for a 
password.  Since I didn't use any password when making the bootable 
Linux flash drive, I pressed <ENTER> without typing anything in.  Sudo 
accepted it and gparted started.

Do we really want to allow root access when booting to a flash drive? 
Maybe when booting from a USB drive or a CD-ROM, sudo should match the 
root (sudo) password that is on the hard drive.  Of course, since I did 
not have Linux installed yet, in this case sudo acted appropriately.

Bill Stanley
