Hello to everybody here. Recently, I came to know that Ubuntu can be easily hacked, using the Grub bootloader. The Proceedure is as follows:
1. While loading Grub, hit "e" to edit the Ubuntu menu.
2. Now, press e to edit the Kernel.
3. Replace the last words "ro single" with "rw=/init/bash"
4. Press Enter to save
5. Press b to boot the kernel
6. Next, a command shell will open, while we are root
Now, using passwd and users command, from root-shell we can easily create a new account (temporarily), or change the root or user password. Thus Ubuntu is hacked. I tried the procedure too, and it works really. Some of my friends, who are Windows fans, heavily cornered us in our Linux Club in our locality, by telling that Ubuntu is insecure from hackers. I am sorry to say, that even Windows XP requires a CD or software such as Windows Installation CD or DreamPackPL to get hacked, and that takes time. I want to know, that how can we secure our Grub bootloader such that no one can make changes to it, making Ubuntu very secure? (I know of securing BIOS, but still that is inconvenient, since if the BIOS pass is forgotten, then it is nearly impossible fo a genereal user to acces the Computer, since then even Linux CDs won't work).

Local access = owned on all systems.

Sorry, but I did'nt understand. Can you please tell me how to secure Grub?

Sorry, but I did'nt understand. Can you please tell me how to secure Grub?

Grenage is stating that if someone gets local access to any machine, it has been compromised. At University we had locked down XP machines, didn't stop anyone rebooting them and booting from a USB stick loaded with Ubuntu.

Right there, that machine no longer had any restrictions. We had root access.

It's not a hack.

what he means, is that when you have physical access to a machine, no OS is secure. You can always boot in to some recovery mode, boot from a cd/stick, remove the harddrive... this is not exactly news.

If you want, you can set a password on your bios and/or in grub. Both will make it a bit harder, but neither are fail proof. You can circumvent a bios password by resetting the bios (requires opening the machine) and you can always rewrite grub from a livecd. And you can still remove the drive and read whats on it on a different machine.

If you're concerned about the privacy of your documents, encrypt your home folder, and let "hackers" hack all they want. But you can not prevent anyone them using your computer when they have access to it.

Dude with local access you can hack every system easily. You can set a password to GRUB, or your HDD from bios.

: http://ubuntuforums.org/showthread.php?t=715630

(fysical/local access means every system can be hacked)

Thanks to all, but still, Ubuntu is the best OS in the entire planet. So, it should defy all challenges.

You could use the "encrypted home folder" option when you install ubuntu. Even root can not read that.

By the way, there's usually some jumper on the motherboard to reset the BIOS. Local acces == owned system ;), no matter what.

Well, I think I may try that.

You surely can encrypt your home partition, or even our whole system partition (-boot), but that only prevents them from reading your information, it doesn't prevent them from sabotaging you. Lock the computer away, that's the safest.

Sorry, I should have elaborated but was running out the door. The other posters answered you much more completely.

Thanks to all, but still, Ubuntu is the best OS in the entire planet. So, it should defy all challenges.

a computer operating system is no replacement for locking the front door to your home....

Moved to Recurring Discussions

No OS is 100% safe, really the only way to make sure nothing bad happens to your computer is to never turn it on.

No OS is 100% safe, really the only way to make sure nothing bad happens to your computer is to never turn it on.

Yep. Even better, drop it into a vat of acid. That should ensure that no one can hack it.

No OS is 100% safe, really the only way to make sure nothing bad happens to your computer is to never turn it on.

Yep. Even better, drop it into a vat of acid. That should ensure that no one can hack it.Better yet, never buy one.

Thanks to all, but still, Ubuntu is the best OS in the entire planet. So, it should defy all challenges.

Think about this for a while. Imagine you would have some hardened computer you couldn't use or access without some key or password.. what would you do if it needed reinstalling? What if you forgot the password? You'd have to throw the computer away and lose your stuff.

An OS is just a piece of software. It doesn't even attempt to prevent you using the computer for other things (imagine it would or could, windows somehow making it impossible to install or boot ubuntu!). Depending how you configure it, it can however prevent you from reading certain data, that is where encryption comes in. Use that if you are worried about ppl with physical access to the machine. Anything else, if you think about, you definitely wouldn't want.

like already mentioned above: encrypt your fs using LUKS, encfs, ecryptfs, truecrypt or whatever you like most. - problem: solved!

like already mentioned above: encrypt your fs using LUKS, encfs, ecryptfs, truecrypt or whatever you like most. - problem: solved!

Exactly

like already mentioned above: encrypt your fs using LUKS, encfs, ecryptfs, truecrypt or whatever you like most. - problem: solved!

You don't specify what problem you're solving. Someone could still repartition, reformat your drive and install a new system on top of it.

Also, if the information on it is sensitive now and will remain so for the foreseeable future, encryption isn't a guarantee of security. They could just take the drive, wait for the computational ability of computers to increase exponentially and then have a much better chance to crack it in the future with a much more powerful computer. Encryption is a temporary security measure because it relies on a task that's hard for the technology of today. There's no guarantee that this task will remain computationally out of reach (on a reasonable time scale) in the future.

Bottom line: if you are worried about the integrity of your machine/data, then ensure that nobody has access to the machine except you.

I have stumbled upon what seems to me a security concern regarding Ubuntu, at leat 9.04 Jaunty Jakalope, which is the current version I am using. I do not want to offend current policy for publishing ways of getting root rights without using sudo, so, I am not expliciting the way here, but there is a way for anyone get to a terminal as root without ever authenticating to the system and not even beeing a registered user. That is a real concern for me.
I would like to discuss this, or hear about a fix in a near udate. If there is another channel where I can post the method I will use it, or, if allowed, I will post it here. But I assure, it is trivial.
Regards,

I guess you are talking about having total access running a terminal from LiveCD, I'm right?

Or choosing recovery mode from the grub menu.

But if someone has physical access to your computer then they're always going to be able to get root access. They can open up the box and steal your harddrive if they like, or run a LiveCD/USB and get access to anything they want.

I have stumbled upon what seems to me a security concern regarding Ubuntu, at leat 9.04 Jaunty Jakalope, which is the current version I am using. I do not want to offend current policy for publishing ways of getting root rights without using sudo, so, I am not expliciting the way here, but there is a way for anyone get to a terminal as root without ever authenticating to the system and not even beeing a registered user. That is a real concern for me.
I would like to discuss this, or hear about a fix in a near udate. If there is another channel where I can post the method I will use it, or, if allowed, I will post it here. But I assure, it is trivial.
Regards,

Go ahead and post it here. I want to see how you do it.

Yes, I was astonished of finding that I could do it through the standard Grub menu, choosing recovery mode and after "Drop to root shell prompt".
Of course anyone with physical access to my computer can try to boot from a Live CD, PenDrive, or else, but any of these means I can block in the Bios Setup and allow booting only from the system Drive (which I can even physically lock). Why leave this door ope as default? I can certainly remove this option from "menu.lst", but I think that the opposite should be implemented - the default installation should not show this option, leaving it at the discretion of the user to enable it or not. Isn't this a security concern for you? For me it is.
I supose that one of the main reasonings behind Linux is exactly to be secure by default (isn't this the reasoning behind "sudo"?). If I were to accept leaving this door open because anyone with pysical acces to my machine can steal my HD then why any security at all? IMHO it is because you should close as much doors as you can to make it harder for someone else, not authorized, to get access to you system. Not impossible, but harder.

I suggest you read this thread from the begining, the way to guard your preciuos data is to encrypt your home directory.

I'm sorry, but this you are not going to teach me. I teach it to my students. But I agree with you, encryption is a solution for protecting my data, but security isn't just protecting my data, but protecting my system. If someone can disrupt my system at will in any way, this is a security problem. Even though I may reconstruct it from a security backup.

If I were to accept leaving this door open because anyone with pysical acces to my machine can steal my HD then why any security at all? Because the greatest threats to your computer's security are online ones. Computers are compromised millions of times more often remotely than locally.

i use a BIOS password to protect casual access to my system.

never bothered encrypting /home.

Yes, I was astonished of finding that I could do it through the standard Grub menu, choosing recovery mode and after "Drop to root shell prompt".
Of course anyone with physical access to my computer can try to boot from a Live CD, PenDrive, or else, but any of these means I can block in the Bios Setup and allow booting only from the system Drive (which I can even physically lock). Why leave this door ope as default? I can certainly remove this option from "menu.lst", but I think that the opposite should be implemented - the default installation should not show this option, leaving it at the discretion of the user to enable it or not. Isn't this a security concern for you? For me it is.
I supose that one of the main reasonings behind Linux is exactly to be secure by default (isn't this the reasoning behind "sudo"?). If I were to accept leaving this door open because anyone with pysical acces to my machine can steal my HD then why any security at all? IMHO it is because you should close as much doors as you can to make it harder for someone else, not authorized, to get access to you system. Not impossible, but harder.

It is amazing to watch people understand how vulnerable they are to physical access. Why do you think they keep servers in locked rooms ?

i use a BIOS password to protect casual access to my system.

never bothered encrypting /home.

That is fine so long as you do not have sensitive data on your computer you need to protect and you understand the limits of things such as BIOS and Grub passwords. BIOS and grub passwords will deter only the most casual of potential crackers (which may be all you feel you need).

These threads seem to come up every week or so. Really, everything is said with "Physical access is root access".

These threads seem to come up every week or so. Really, everything is said with "Physical access is root access".

And scary is the physical access opportunities when considering a laptop or netbook. Inside a house is one thing but out in public that can be gone in the blink of an eye.

I have read that Karmic is including disk encryption option during installation?

And scary is the physical access opportunities when considering a laptop or netbook. Inside a house is one thing but out in public that can be gone in the blink of an eye.

I have read that Karmic is including disk encryption option during installation?

Jaunty already provides the option to have an encrypted /home. At least it does on that alternate installation CD.

Jaunty already provides the option to have an encrypted /home. At least it does on that alternate installation CD.

... or to use an encrypted LVM for the whole system (except /boot) sice (IIRC) Dapper.

Physical access is a low priority compared to say, securing running services that are facing the Internet.

Physical access= access to the system. Only full encryption protects your system/data.

Apple + S on boot
mount -uw /
rm /var/db/.AppleSetupDone
shutdown -h now

You have now tricked a Mac into thinking it has never been set-up before. Of course, the first account's password will be the sudoers password.

Physical Access = Instant Compromise, why do you think they keep servers behind lock and key?

that's why i write sensitive information on little scraps of paper

Physical Access = Instant Compromise, why do you think they keep servers behind lock and key?

At one of the companies I used to work for, due in part to a limitation of the OS, storing stuff on tape was instant compromise, making the data available to anyone within the company who knew which tape the data was on. A couple of simple overrides (which I won't specify here) were sufficient to bypass the usually very stringent security precautions that had been set up. Chances are, however, you wouldn't be able to get away with it for long, due to logging arrangements.

Physical access IS root access. You can boot it up with a livecd and pull all of the data off the harddisk as long as it isn't encrypted.

If you're gonna bother with encryption then you're also gonna make damn sure that there's a root password, and you probably won't be using Ubuntu.

Physical access IS root access. You can boot it up with a livecd and pull all of the data off the harddisk as long as it isn't encrypted.

If you're gonna bother with encryption then you're also gonna make damn sure that there's a root password, and you probably won't be using Ubuntu.
Root users can't access encrypted tables.

If you're gonna bother with encryption then you're also gonna make damn sure that there's a root password, and you probably won't be using Ubuntu.

Well I too have to disagree with that statement.

"Encryption" is a broad topic and there are many tools one can use. These tools all work on Ubuntu without the need to set a root password.

If you're gonna bother with encryption then you're also gonna make damn sure that there's a root password, and you probably won't be using Ubuntu.

Could you please quit it with the "Ubuntu is for dumb people" garbage? I use encrypted LVM and I don't have a root password, and I'm running Ubuntu.

If you're gonna bother with encryption then you're also gonna make damn sure that there's a root password, and you probably won't be using Ubuntu.

Uh.

A root password is less secure than a sudoer's password : in the case of a root password, you already know 1 out of 2 pieces of information necessary to log in, i.e. the username, 'root'.

This is one of the main reasons enabling a root account is not recommended.

Could you please quit it with the "Ubuntu is for dumb people" garbage? I use encrypted LVM and I don't have a root password, and I'm running Ubuntu.

Could you please quit it with the obnoxious behaviour?

I never said Ubuntu was for dumb people, I just implied that the fact that Ubuntu doesn't by default give you a root password, if you want a root password you probably won't be using Ubuntu (the UF COC doesn't even allow giving instructions to create a root password on ubuntu).

(the UF COC doesn't even allow giving instructions to create a root password on ubuntu).

That also is not true.

We ask you to educate users how to use sudo.

We support setting a root password when necessary.

When you do advise setting a root password please advise users of the risks as well as how to reverse these changes. If you do not know the risks and how to lock the root account agin, perhaps you should learn them.

If you need a root shell please use:

sudo -i

Physical access= access to the system. Only full encryption protects your system/data.

And even then it's only considered "safe for now" because the odds of finding the right key in a given time frame are very small. There's no real way to know whether someone will stumble upon an algorithm next week that allows for fast prime number factorization. At that point, the current set of public key encryption methods becomes instantly insecure. (Or if somebody builds a functional quantum computer, etc.)

Encryption provides a practical protection for data, but it should be considered temporary. Consider that someone can steal the encrypted data and sit on it for a few decades while computers get exponentially faster (presuming that we find ways to stick to Moore's Law). They can then attempt to crack the cipher with an exponentially faster computer and all of the bits that put the calculation out of practical reach on the technology of today may only take a few years or months on exponentially more powerful computers. Obviously, this is sufficient protection for any average home user and most businesses and parties with really sensitive data should know all of this already. I just wanted to counter the idea that encryption represents some kind of absolute security for your data.

speaking of encryption if i use luks with the alternative cd will it make any difference?

Of course anyone with physical access to my computer can try to boot from a Live CD, PenDrive, or else, but any of these means I can block in the Bios Setup and allow booting only from the system Drive (which I can even physically lock).No, your system still won't be secure when using BIOS settings, because BIOS can be reset by removing the system battery.

Why leave this door ope as default? ...
I supose that one of the main reasonings behind Linux is exactly to be secure by default (isn't this the reasoning behind "sudo"?).No, Linux isn't supposed to be "secure by default". There is no such "default" intentions as far as security is concerned. Implementation of security features in Linux is entirely dependent on the goals of the developers of a particular distribution.

The use of "sudo" is also not for making Linux "secure by default". What sudo does from a security administration point of view is provide a record of which user performed actions on a system using root access, and finer control over which user is able to obtain root access. It is little more than a tool of convenience. On Ubuntu, sudo is used to make root access simpler, so that the average user doesn't need to bother with having a separate root account.

If I were to accept leaving this door open because anyone with pysical acces to my machine can steal my HD then why any security at all? IMHO it is because you should close as much doors as you can to make it harder for someone else, not authorized, to get access to you system. Not impossible, but harder.The thing is, a person who has physical access to your system won't find it harder to compromise it merely because there is a password-protected root account. As mentioned before, a LiveCD can be used, the HDD can be physically taken, etc. And if an attacker was not interested in the contents of your HDD, but only in making it unusable, they can destroy it physically.

Ubuntu is a distro which aims to be user-friendly. As you are probably aware, security often comes at the expense of convenience. The developers obviously thought that the slight decrease in security by having a password-less recovery mode is acceptable in exchange for the added convenience. Personally, I think this is fine for 99% of home users; for commercial users, the system administration staff should be able to tailor the security access policies appropriately; for security-sensitive environments, one should not use an ordinary Linux distribution.

Obviously, you can change this behaviour by modifying the grub settings, and setting up a root account and password, if you so desire.

@bodhizazen

When I gave someone instructions on how to set a root password, a forum admin gave me a warning and said that I shouldn't do that, it's against the UF COC.

@bodhizazen

When I gave someone instructions on how to set a root password, a forum admin gave me a warning and said that I shouldn't do that, it's against the UF COC.

I am not trying to give you mixed messages, merely clarifying what my expectations are.

I obviously have not reviewed the incident you are referring to. but my guess is you probably advised setting a root password unnecessarily with out giving proper information / warnings.

Protecting your data is very simple: Juist have a boot password set in BIOS any if someone enters the wrong password your HDD covered in Thermite is ignited, Thieves wont get anything out of it.

But can't you just as easily reset the bios password by reinserting the CMOS battery?

Protecting your data is very simple: Juist have a boot password set in BIOS any if someone enters the wrong password your HDD covered in Thermite is ignited, Thieves wont get anything out of it.

You'd also need a mirror somewhere if you can't afford to lose the data (which is likely, if you're going to such ends to protect it). That mirror needs to be protected. Etc.

Plus it makes it extra easy to destroy your data (and your machine) if the goal is just to harass you.

But can't you just as easily reset the bios password by reinserting the CMOS battery?

You are correct, both BIOS and grub passwords are trivial in terms of protection and will deter only the most casual of crackers.

Alright, so I am trying to set up a "new" laptop (Thinkpad T40 in case you're interested). What is, after all this back-and-forth, going to be the best option for security since it will be carried out into the "wylde"?

Encrypt the hard disk (thinking of using LVM too) but the /boot partition cannot be encrypted?

Alright, so I am trying to set up a "new" laptop (Thinkpad T40 in case you're interested). What is, after all this back-and-forth, going to be the best option for security since it will be carried out into the "wylde"?

Encrypt the hard disk (thinking of using LVM too) but the /boot partition cannot be encrypted?

Only you can answer that question. Why do you think /boot needs to be encrypted, do you thing somebody is going to access your laptop , boot some kind of live CD, and install some kind of custom kernel or other malware into /boot ?

As of now /boot can not be encrypted as grub can not decrypt the kernel or initrd.

If this is a problem for you the best you can do is put /boot on a removable flash drive.

You do not need LVM for encryption. Be sure to encrypt /swap and /.

Only you can answer that question. Why do you think /boot needs to be encrypted, do you thing somebody is going to access your laptop , boot some kind of live CD, and install some kind of custom kernel or other malware into /boot ?

As of now /boot can not be encrypted as grub can not decrypt the kernel or initrd.

If this is a problem for you the best you can do is put /boot on a removable flash drive.

You do not need LVM for encryption. Be sure to encrypt /swap and /.

Ah.. the /swap! Glad to bring that to my attention!

The LVM isn't for encryption purposes, I just like the flexibility.

I'm not going to go crazy with putting the /boot on a USB or anything (though that is a pretty good method), I just want to give it some protection.

Right now my work laptop is whole-disk encrypted and comes up with a pass phrase request before Windows starts to boot up.

Since /boot cannot, I assume that Grub will show up and then when it is time to boot the system it will ask for a pass phrase to continue? Therefore, if somebody drops from Grub into a shell they will still need the pass phrase to do anything that will modify the / partition when it is encrypted?

Just verifying my understanding.

Well, IMO, neither a BIOS or GRUB password add any substantial security.

If your / and /swap are encrypted that means the can not be accessed by any means without entering a password and decrypting.

If you wish, boot a live CD and try to mount your encrypted partitions.

/boot can not be "protected" in any way , files in boot can be accessed and replaced (your grub password can be changed or deactivated) with a live CD. As of now the only option you have would be to put /boot on a removable device.

If you wish, boot a live CD and try to mount your encrypted partitions.

I had to do that when a laptop installation went sour the morning I was doing a presentation and the hard drive was encrypted. Took a while to find out how to get the data off of the hard drive (it was Fedora who uses LUKS).

Then I found out accessing an LVM setup was an additional hurdle to jump!

I see many users on the forums who go the encryption route after finding out about that sort of things. Actually, all users I ever heard of that do any kind of encryption on their personal data are people from around here. My frikkin' *crypto teacher* from college (the kind that writes papers on the stuff) does not do full disk encryption.

My honest questions are : a. are you really in the sort of environment where this poses a problem (ie. do you know for sure that people are after your data), and b. is your data really that sensitive ?

Right now I have to assume that half the population of this forum is some kind of diplomat or secret service agent.

If it's just a matter of not getting your system owned, you should mostly be worried about remote exploits and brute forcing passwords. Botnets are not built by some guy wandering around internet cafés and removing random people's CMOS batteries.

My honest questions are : a. are you really in the sort of environment where this poses a problem (ie. do you know for sure that people are after your data), and b. is your data really that sensitive ?

Right now I have to assume that half the population of this forum is some kind of diplomat or secret service agent.

Naw.. just overly protective of my UbuntuForums account password! :lolflag:

My honest questions are : a. are you really in the sort of environment where this poses a problem (ie. do you know for sure that people are after your data), and b. is your data really that sensitive ?

Right now I have to assume that half the population of this forum is some kind of diplomat or secret service agent.
It's a "magic bullet" kinda thing. People are insecure about security, because they don't know much about it, so they reach for the wonder oil : "encrypt your hard disk and you'll never have to worry about security again".

That, and a tendency to want "the best" - the fastest PC, the best operating system, the widest monitor, the highest screen resolution, the ultimate security, ... "anti-virus ? firewall ? passwords ? mere toys - I do nothing less than full disk encryption"


Outside the geek universe, there's something similar going on with big/fast cars compensating for undersized body parts in the reproductive system.


Just kidding .... sort of.

It's a "magic bullet" kinda thing. People are insecure about security, because they don't know much about it, so they reach for the wonder oil : "encrypt your hard disk and you'll never have to worry about security again".

That, and a tendency to want "the best" - the fastest PC, the best operating system, the widest monitor, the highest screen resolution, the ultimate security, ... "anti-virus ? firewall ? passwords ? mere toys - I do nothing less than full disk encryption"


Outside the geek universe, there's something similar going on with big/fast cars compensating for undersized body parts in the reproductive system.


Just kidding .... sort of.

Hey... my car isn't THAT fast ... *mutter*

Hey... my car isn't THAT fast ... *mutter*

I bet it's faster than mine

:)

Why leaving the door open when you can lock it?
Without a default password, anyone can access with root privileges without having a CD, opening your case to remove the BIOS password or any other kind of stuff. It just boot and there is it.

That's just my 2 cents.