Choosing recovery mode in grub gives root priveliges without password!!!

Bug #10662 reported by Jens-Erik Weber
8
Affects Status Importance Assigned to Milestone
grub (Ubuntu)
Invalid
Critical
Unassigned

Bug Description

The summary says it all: In recovery mode you get a root shell without having
typed a password at all!!! When you log-in, you don't get a root shell at all by
default.

Though I like the concept of having a more up to date system than Debian that is
based on the latter, I really wonder: Who takes care of security at Ubuntu?

Revision history for this message
Daniel Stone (daniels) wrote :

This was a conscious choice. If someone has physical access to your machine,
then you have already lost -- they're just going to take the hard drive, or boot
from a CD, or something. All this did was to create an impediment by requiring
a separate password for people to remember.

Revision history for this message
VinceLe (legoll) wrote :

Physical access can be secured enough so as to only let access to the keyboard,
and that should not enable one to log in as root without knowing the password.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.