console gave me root without password
Bug #216974 reported by
Upayavira
This bug report is a duplicate of:
Bug #220986: friendly-recovery drops to a root shell even when a root password is set.
Edit
Remove
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| friendly-recovery (Ubuntu) |
New
|
Undecided
|
Kees Cook | ||
Bug Description
Binary package hint: friendly-recovery
My system wasn't behaving, so I booted to the recovery mode. It gave me a lovely menu, allowing me to reconfigure X, etc, and also to drop to a console.
That console gave me root, without asking me my password. This means that anyone who gains physical access to my PC can gain complete access to everything simply by rebooting.
I appreciate that they could gain such access by extracting my HDD, but this is just way too easy.
Upayavira
Revision history for this message
| Kees Cook (kees) wrote | #1 |
| Changed in friendly-recovery: | |
| assignee: | nobody → keescook |
| status: | New → Invalid |
Revision history for this message
| Kevin Funk (kfunk) wrote | #2 |
| Changed in friendly-recovery: | |
| status: | Invalid → New |
Revision history for this message
| Kees Cook (kees) wrote | #3 |
To post a comment you must log in.
Anyone with physical or console access can boot it with alternate init arguments, avoiding any kind of authentication (extracting the harddrive is not needed). For system that require a high level of physical security, various additional mechanisms of protection are recommended like disk encryption, BIOS passwords, etc.