Choosing recovery mode in grub gives root priveliges without password!!!
Bug #10662 reported by
Jens-Erik Weber
This bug report is a duplicate of:
Bug #21994: Booting in recovery mode must ask for a password.
Edit
Remove
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
grub (Ubuntu) |
Invalid
|
Critical
|
Unassigned |
Bug Description
The summary says it all: In recovery mode you get a root shell without having
typed a password at all!!! When you log-in, you don't get a root shell at all by
default.
Though I like the concept of having a more up to date system than Debian that is
based on the latter, I really wonder: Who takes care of security at Ubuntu?
To post a comment you must log in.
This was a conscious choice. If someone has physical access to your machine,
then you have already lost -- they're just going to take the hard drive, or boot
from a CD, or something. All this did was to create an impediment by requiring
a separate password for people to remember.