Choosing recovery mode in grub gives root privileges without password!!!

Bug #10662 reported by Jens-Erik Weber on 2004-11-25
Affects Status Importance Assigned to Milestone
grub (Ubuntu)
Critical
Unassigned

Bug Description

The summary says it all: In recovery mode you get a root shell without having
typed a password at all!!! When you log in, you don't get a root shell at all by
default.

Though I like the concept of having a more up to date system than Debian that is
based on the latter, I really wonder: Who takes care of security at Ubuntu?

Daniel Stone (daniels) wrote :

This was a conscious choice. If someone has physical access to your machine,
then you have already lost -- they're just going to take the hard drive, or boot
from a CD, or something. All this did was to create an impediment by requiring
a separate password for people to remember.

VinceLe (legoll) wrote :

Physical access can be secured enough so as to only allow access to the keyboard,
and that should not enable one to log in as root without knowing the password.
