Sudo and USB flash drives
Bill Stanley
bstanle at wowway.com
Sat Aug 18 17:18:13 UTC 2012
Hi,
When I was repartitioning my HD and booting a USB flash drive, I found
what may be a security flaw with sudo. This problem might not affect
computers with Linux installed so this might not be a problem. It goes
as follows...
I booted off the USB flash drive and opened a terminal window. Once I
got a command line I entered "sudo gparted". Next sudo asked for a
password. Since I didn't use any password when making the bootable
Linux flash drive, I pressed <ENTER> without typing anything in. Sudo
accepted it and gparted started.
Do we really want to allow root access when booting to a flash drive?
Maybe when booting from a USB drive or a CD-ROM, sudo should match the
root (sudo) password that is on the Hard drive. Of course, since I did
not have Linux installed yet, in this case sudo acted appropriately.
Bill Stanley
More information about the ubuntu-users
mailing list