when fsck failed, user gains unauthorised root access
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Ubuntu | New | Medium | Unassigned | |
Bug Description
I don't know if this is a bug, since the sulogin in Ubuntu is patched to handle root login with a disabled root account, but it is very insecure to drop a user directly into a root shell without asking for authentication if something at boot, e.g. fsck, failed.
My suggestion is to patch /sbin/sulogin in Ubuntu so that it authorizes against the password of the group admin to grant root access in runlevel 1, rather than giving root access without asking for authentication.
If the root account is enabled, it asks for the password, like "give root password or press Control + D to continue". This should be the default behavior even if the root account is disabled, as in the default setting of Ubuntu. So sulogin has to be patched to ask for the password of the first system user who is in the group admin and has the right to gain root access.
This is a dupe of https://launchpad.net/distros/ubuntu/+source/shadow/+bug/21994
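A check an administrator could run for the condition the report describes, as an added example that is not part of the bug report or of Ubuntu's sulogin: it classifies the root entry of a shadow-format file and lists the members of the admin group. The function names and sample files are constructed for illustration; that a root account without a usable password leads to an unauthenticated shell is the report's claim.

```shell
#!/bin/sh
# Added example (not Ubuntu's code). Function names are hypothetical.

# Classify root's password field in a shadow-format file.
# Prints one of: set | locked | empty | missing
root_pw_state() {
    awk -F: '
        $1 == "root" {
            found = 1
            if ($2 == "")          print "empty"
            else if ($2 ~ /^[!*]/) print "locked"
            else                   print "set"
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Print the comma-separated members of the "admin" group
# from a group-format file.
admin_members() {
    awk -F: '$1 == "admin" { print $4 }' "$1"
}

# Combine both. Per the report, sulogin only prompts for a password
# when the root account has one.
rescue_shell_check() {
    state=$(root_pw_state "$1")
    members=$(admin_members "$2")
    case "$state" in
        set) echo "OK: sulogin can prompt for the root password" ;;
        *)   echo "EXPOSED: root password is $state; admin users: ${members:-none}" ;;
    esac
}

# Constructed sample files standing in for /etc/shadow and /etc/group.
demo_dir=$(mktemp -d)
printf '%s\n' 'root:!:13000:0:99999:7:::' \
    'alice:$1$constructed$hash:13000:0:99999:7:::' > "$demo_dir/shadow"
printf '%s\n' 'root:x:0:' 'admin:x:112:alice,bob' > "$demo_dir/group"
rescue_shell_check "$demo_dir/shadow" "$demo_dir/group"
rm -rf "$demo_dir"
```

On a real system the two arguments would be /etc/shadow and /etc/group, and reading the former requires root.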