single user (and other) boot methods allow local users to gain access to root
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| upstart | Won't Fix | Undecided | Unassigned | |
| sysvinit (Debian) | New | Undecided | Unassigned | |

Bug Description
hello,
there is a method [1] that is described as a means to recover a forgotten password, but it also enables malicious local users to gain root access. this is very bad indeed.
also see debian bug report [2], which hasn't seen much activity for quite some time. however, this is because the conditions for exploitation, in particular not setting a password for the root account, are non-default on debian. these conditions are the default on ubuntu, which makes this so bad.
this vulnerability has been present since at least dapper (and probably since warty); whichever version first introduced no-root.
[1] http://
[2] http://
description: updated
security vulnerability: yes → no
visibility: private → public
No computer is secure when the intruder has physical access to the computer, therefore this is not something we actively attempt to control in our default installation; however we do provide options to allow you to secure against it as much as is possible.
Physical access means that the hard drive can be removed, and mounted into another machine to retrieve the data. In order to work around this, you would need to encrypt your filesystem (you can set this up from the alternate installer).
Encrypting your filesystem requires that a passphrase be entered during boot, whether or not the init system is bypassed or the computer booted into single-user mode.
It would also be recommended that you encrypt your swap partition so that forensic debugging cannot be used to obtain data from paged virtual memory.
Securing the boot loader itself, or the system options permitted, is pointless because the user can simply insert a different bootable disk with an alternate boot loader to boot the system however they want. Indeed the Ubuntu Live CD would permit this, no special "kits" are required.
Securing the BIOS would not prevent the data being retrieved by removing the hard drive.
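
The following check is an added example, not part of the bug report or of any Ubuntu tooling: it audits the two conditions discussed in this thread, whether root has a usable password and whether the root filesystem and swap sit on an encrypted (dm-crypt) device. It assumes input in the shape of `lsblk -J -o NAME,TYPE,MOUNTPOINT` output and an `/etc/shadow` line; the device names and sample data are constructed.

```python
import json

# Constructed sample: `lsblk -J -o NAME,TYPE,MOUNTPOINT` on a machine with
# an encrypted root (LVM on LUKS) and a plain, unencrypted swap partition.
SAMPLE_LSBLK = json.dumps({"blockdevices": [
    {"name": "sda", "type": "disk", "mountpoint": None, "children": [
        {"name": "sda1", "type": "part", "mountpoint": "/boot"},
        {"name": "sda2", "type": "part", "mountpoint": "[SWAP]"},
        {"name": "sda3", "type": "part", "mountpoint": None, "children": [
            {"name": "sda3_crypt", "type": "crypt", "mountpoint": None, "children": [
                {"name": "vg-root", "type": "lvm", "mountpoint": "/"}]}]}]}]})

# Constructed /etc/shadow line: "!" means root has no usable password.
SAMPLE_SHADOW = "root:!:13000:0:99999:7:::\n"


def encrypted_mounts(lsblk_json):
    """Map each mountpoint to True if it sits on or under a dm-crypt device."""
    result = {}

    def walk(node, under_crypt):
        under_crypt = under_crypt or node.get("type") == "crypt"
        mp = node.get("mountpoint")
        if mp:
            # Several devices can share "[SWAP]": all of them must be encrypted.
            result[mp] = result.get(mp, True) and under_crypt
        for child in node.get("children") or []:
            walk(child, under_crypt)

    for dev in json.loads(lsblk_json)["blockdevices"]:
        walk(dev, False)
    return result


def root_has_password(shadow_text):
    """False when root's hash field is empty or locked ("!" or "*" prefix)."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if fields[0] == "root" and len(fields) > 1:
            return bool(fields[1]) and fields[1][0] not in "!*"
    return False


def audit(lsblk_json, shadow_text):
    mounts = encrypted_mounts(lsblk_json)
    return {"root_fs_encrypted": mounts.get("/", False),
            "swap_encrypted": mounts.get("[SWAP]", False),
            "root_password_set": root_has_password(shadow_text)}
```

On the constructed sample, `audit(SAMPLE_LSBLK, SAMPLE_SHADOW)` reports an encrypted root filesystem, an unencrypted swap partition, and no root password set.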