Sudo and USB flash drives

Patrick Asselman iceblink at seti.nl
Thu Aug 23 09:23:54 UTC 2012 

On 2012-08-18 22:41, Colin Law wrote:
> On 18 August 2012 21:02, Bill Stanley <bstanle at wowway.com> wrote:
>> On 08/18/2012 02:37 PM, Nils Kassube wrote:
>>>
>>> Bill Stanley wrote:
>>>>
>>>> When I was repartitioning my HD and booting a USB flash drive, I
>>>> found what may be a security flaw with sudo.  This problem might 
>>>> not
>>>> affect computers with Linux installed so this might not be a
>>>> problem.  It goes as follows...
>>>
>>>
>>> [...]
>>>
>>>> Do we really want to allow root access when booting to a flash 
>>>> drive?
>>>> Maybe when booting from a USB drive or a CD-ROM, sudo should match
>>>> the root (sudo) password that is on the Hard drive.  Of course,
>>>> since I did not have Linux installed yet, in this case sudo acted
>>>> appropriately.
>>>
>>>
>>> IMHO, there is no advantage if you check for an installed Linux and 
>>> use
>>> the root password from that partition. You pointed out the next
>>> necessary check, i.e. find out the Windows admin password and use 
>>> that
>>> one, if there is only Windows on the machine. But what would you 
>>> suggest
>>> to do if there are Windows and Linux installed? What if the disk is
>>> bought secondhand and you don't even know the password of the still
>>> existing OS on that disk?
>>>
>>> If the system isn't locked down and anyone can boot from external 
>>> media,
>>> it isn't safe anyway. Then why should an installation medium check 
>>> for
>>> existing passwords? IMHO that doesn't make much sense.
>>
>>
>> The issue of multiple OS's which are multi-booted is another thing 
>> that
>> occurred to me.  Which OS root (or admin) password do you choose?  
>> It is a
>> bit of a corundum.  Still, sudo should keep people without sudo 
>> access from
>> executing sudo privilege programs.  If someone can easily get around 
>> sudo by
>> booting off a flash drive what security is in that?  I think that 
>> the sudo
>> people should think about that!
>
> Even if the Ubuntu USB stick was modified in the way you suggest,
> anyone could boot from the USB stick burned with another operating
> system, or the gparted live cd or anything else that takes their 
> fancy
> and do anything they like to the system.  Once someone with malice in
> their mind has access to the machine there is nothing that can be 
> done
> to stop them doing anything they like if they are clever enough.  
> Data
> can be protected so that it cannot be read, by encrypting the disc,
> but that is all.
>
> Colin
>

Well, not all....

One can also disble booting from USB (and other media) in the BIOS, and 
password protect the BIOS.

But I agree, if someone has physical access to a PC, there are a lot of 
possibilities to do malice. Getting root access from a booted USB stick 
is only one of them. Booting into single user mode so you have root 
access is another one. Screwing open the case and stealing the hard 
drive is also a possibility. How you need to protect against these 
depends on the setting.

Best regards,
Patrick Asselman

More information about the ubuntu-users mailing list