5 Cups of Ubuntu
vulnerable login in ubuntu 7.10 - the Gutsy Gibbon
Hi,
Using: Ubuntu 7.10- Gusty Gibbon
There is an option during booting:
ubuntu ... kerner 2.xxxx...(recovery mode)
which directly gives the user with root privilage.
Giving a startx gets the desktop as a root,
Instead of directly logging in as root it would better to ask the user of the root password.
I posted this in launchpad. Actually confusion where to post.
Thank You.
A Carafe of Ubuntu
If there is a way to either figure out or change the user's password, wouldn't that be a major security concern?
Ubuntu addict and loving it
If a bad guy has physical access to your machine, being able to log into the box in recovery mode and reset the password would be the least of your problems.Originally Posted by blakjesus
A Carafe of Ubuntu
Hmmm... Well, its a good thing that no one i personally know has only moderate windows computer knowledge. Although, as an extreme measure, what if i set my bios to not boot to a cd at all, set up a bios password, and then edited my grub to not even give a choice for alternate boot options. Would that lock my computer down enough? (I'm not actually going to do it, i just want to learn)If a bad guy has physical access to your machine, being able to log into the box in recovery mode and reset the password would be the least of your problems.
That way everything is locked by passwords and you can't boot into a live cd to change stuff.
(Also forget the fact that they could pull my hard-drive and other stuff out of my computer to get to my stuff)
Run, little guy, run...
Nope. I can remove the battery on the mobo for 30 minutes and your machine will reset it back to default so setting a password to get into the BIOS is useless if somebody has a physical access to your machine.Hmmm... Well, its a good thing that no one i personally know has only moderate windows computer knowledge. Although, as an extreme measure, what if i set my bios to not boot to a cd at all, set up a bios password, and then edited my grub to not even give a choice for alternate boot options. Would that lock my computer down enough? (I'm not actually going to do it, i just want to learn)
That way everything is locked by passwords and you can't boot into a live cd to change stuff.
(Also forget the fact that they could pull my hard-drive and other stuff out of my computer to get to my stuff)
That's why large corporations lock their machines in a secure room with password on the lock and only give limited access to a certain people.
In the world of Linux, who needs Windows and Gates...
Got most of my golden beans at an auction on eBay (with a couple of free drinks).
Oh Shiny
If you wanted to protect your computer from physical access use full disk encryption, maybe for more annoyance slap a good lock on the case to make it difficult to open.Hmmm... Well, its a good thing that no one i personally know has only moderate windows computer knowledge. Although, as an extreme measure, what if i set my bios to not boot to a cd at all, set up a bios password, and then edited my grub to not even give a choice for alternate boot options. Would that lock my computer down enough? (I'm not actually going to do it, i just want to learn)
That way everything is locked by passwords and you can't boot into a live cd to change stuff.
(Also forget the fact that they could pull my hard-drive and other stuff out of my computer to get to my stuff)
With full disk encryption no one can get into recovery mode (or anything on your hard disk for that matter) without knowing your long and difficult to guess passphrase that unlocks the encryption.
edit: As an aside you don't even have to pull the battery out for 30 minutes, you can short the cmos jumper for 3 seconds and get the same affect.
Last edited by jerome1232; December 18th, 2008 at 06:36 PM.
"You can't expect to hold supreme executive power just because some watery tart lobbed a sword at you"
"Don't let your mind wander -- it's too little to be let out alone."
Ubuntu addict and loving it
That would not be enough because you can "live" edit the grub boot menu entries and make it boot into "recovery mode".Hmmm... Well, its a good thing that no one i personally know has only moderate windows computer knowledge. Although, as an extreme measure, what if i set my bios to not boot to a cd at all, set up a bios password, and then edited my grub to not even give a choice for alternate boot options. Would that lock my computer down enough? (I'm not actually going to do it, i just want to learn)
That way everything is locked by passwords and you can't boot into a live cd to change stuff.
(Also forget the fact that they could pull my hard-drive and other stuff out of my computer to get to my stuff)
If you are surrounding by bad people and/or if you are paranoid about this, then set a difficult to guess root password, and then the "recovery mode" will ask you for that password instead of letting you enter that mode without any password.
(And apart from disabling booting from cd, there's probably the BIOS boot menu where people can boot from usb, isn't it ? Or will setting a BIOS password also disable the BIOS provided boot-menu ?)
A Carafe of Ubuntu
Ok thanks for the info. I really don't have any reason to be that paranoid, i just wanted to learn a little bit about that.
Oh Shiny
The problem with that method is if I take out the hard disk and slip it into another computer or a usb enclosure I can gain full access to the data/files on it regardless. Or just boot into a live cd and hand edit some files.
Which is why I say full disk encryption and physical security (locked case, locked room etc...) are the only answers for securing the computer locally.
"You can't expect to hold supreme executive power just because some watery tart lobbed a sword at you"
"Don't let your mind wander -- it's too little to be let out alone."
Ubuntu addict and loving it
The remark from the poster i've responded to was : "(Also forget the fact that they could pull my hard-drive and other stuff out of my computer to get to my stuff)". Hence my answer.
And concerning disk-encryption, a while back some new method was found to "freeze" the state of the RAM memory, and being able to get the passphrase (or keyfile content) from that.
Of course disk-encryption adds a good extra layer (Provided that you don't forget the passphrase or the keyfile), but it doesn't give you a theoretical 100% security.
(And i would not recommend disk-encryption to people who forget passwords easily.)
Posting Permissions
Adv Reply
Bookmarks