no login promt at "recovery mode"-boot

Bug #283662 reported by Thomas on 2008-10-15
This bug affects 1 person
Affects Status Importance Assigned to Milestone

Bug Description

I have found out, that when i boot over grub in the "recovery mode" that i can drop to a root shell without enter a password?! HELLO??? Whats wrong? This cant be true!

Thomas (t.c) wrote :

user@nb:~$ lsb_release -rd
Description: Ubuntu intrepid (development branch)
Release: 8.10

Jamie Strandboge (jdstrand) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Ubuntu has disabled the root (or superuser) password and uses the sudo command instead. For details on its usage and security implications, please see for details.

Thomas (t.c) wrote :

Hello?! what have you not understand?

Everybody can take control of my notebook, without a authentication!? That is OK??

Jamie Strandboge (jdstrand) wrote :

The only way to protect your data if an attacker has physical access to your machine is via encryption. Eg, if they can reboot and see the grub prompt, then they can just as easily insert a live cd and have access to everything, bypassing the root password altogether. If you use a grub password, then they can remove the drive and mount it in another system.

You can use LVM disk encryption from the alternate installer CD or the newly integrated ecryptfs functionality in

Thomas (t.c) wrote :

Ok.. i make this hole public to the World.. we will see if get fixed or not..

Thomas (t.c) wrote :

When it is checked by Youtube u can see it at this address:

Christoph Langner (chrissss) wrote :

Perhaps you should watch this... I'll call it "Hacking Debian"...

As long as you don't encrypt your files, everyone who has direct access to your hardware is able to get your data...

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Duplicates of this bug

Other bug subscribers