Re: Starting X as root, is this a security related issue?
Originally Posted by
towheedm
This happened to me by accident. I booted into recovery mode, selected the last item (drop to root shell) from the recovery menu.
Did what I had to do and forgot I was in recovery mode (totally ignored the console prompt). I issued the 'startx' command to start X. When the desktop appeared, I realized I was logged in a s root. Walla, I now had access to everything and if I was not the only user on my system, I could have just as easily deleted anything from the filesystem or even introduce a virus, trojan etc, or simply have added myself to the sudoers list for later use. Of course, I could have also done it before starting X.
I tried this with Fedora 15 but when I attempted to start X, it gave a permission denied error and exited. I could not start X from the recovery console.
Is this a security bug in Ubuntu or is this normal?
Anyone can drop to the recovery console as root without being asked for root's password and do as they please, or am I missing something here?
Physical access is root access.
Yes it is normal, you didnt need to startX to carry out those actions, you could of done them from the CLI
Root is disabled by default , the recovery console exists for physical access to help recover your system.
If others use your machine or have access to it then you need to secure your machine in other ways.
Backtrack - Giving machine guns to monkeys since 2006
Kali-Linux - Adding a grenade launcher to the machine guns since 2013
Bookmarks