Booting in recovery mode must ask for a password
Bug #21994 reported by
Ricardo Pérez López
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sysvinit (Ubuntu) |
Invalid
|
Medium
|
Unassigned |
Bug Description
(I choose "login" as package but I think it could be "sulogin" instead, but
"sulogin" isn't in the Package list above).
I think booting in recovery mode must ask for a password. By now, recovery mode
boots without asking for a password, and falls into a root prompt with admin
privileges without identyfing the user. I think this is a potential security
risk (even WinXP asks for a password when goes into recovery mode).
The solution could be to ask for the user password (the user created during
installation process, i.e. the "main" user), or a password of any user member of
the 'wheel' group.
What do you think?
To post a comment you must log in.
This is working as designed; note that the only way to access recovery mode is
with physical access to the system, and several other configuration changes must
be made in order to secure the console if that is desired (e.g., BIOS setup
passwords)