Sudo and USB flash drives

Nils Kassube kassube at gmx.net
Sat Aug 18 18:37:10 UTC 2012


Bill Stanley wrote:
> When I was repartitioning my HD and booting a USB flash drive, I
> found what may be a security flaw with sudo.  This problem might not
> affect computers with Linux installed so this might not be a
> problem.  It goes as follows...

[...]

> Do we really want to allow root access when booting to a flash drive?
> Maybe when booting from a USB drive or a CD-ROM, sudo should match
> the root (sudo) password that is on the Hard drive.  Of course,
> since I did not have Linux installed yet, in this case sudo acted
> appropriately.

IMHO, there is no advantage if you check for an installed Linux and use 
the root password from that partition. You pointed out the next 
necessary check, i.e. find out the Windows admin password and use that 
one, if there is only Windows on the machine. But what would you suggest 
doing if there are Windows and Linux installed? What if the disk is 
bought secondhand and you don't even know the password of the still 
existing OS on that disk?

If the system isn't locked down and anyone can boot from external media, 
it isn't safe anyway. Then why should an installation medium check for 
existing passwords? IMHO that doesn't make much sense.


Nils



