Is root in recovery mode a security risk?

[Irony]

I note that when I boot into recovery mode on my laptop or desktop pc that it goes into root@ubuntu if I type startx it then boots into root GUI - isn't this a security risk as I don't have to type in a password.

Also how do I set a root password - if I go to System > Administration > Users and Groups, root already has a password (presumably my irony password).

[Ocxic]

when using recovery mode you want to be root that way your sure every one of your changes is applied, it's for normal day to day computing that you want to just be a normal user and not root, that way you can't accidently do something to destroy/messup you system.

[Irony]

Its just that it seems that anyone could boot into the computer via recovery and mess with the files.

[Zwack]

Its just that it seems that anyone could boot into the computer via recovery and mess with the files.

Yes, which is why physical security is as important as "remote" security.

You might be able to set a root password and have that checked in recovery mode. I don't know if that works on Ubuntu, it does in other places. If you want to stop people messing with boot options then set a bios boot password and a GRUB password.

They can still get around these but you're working your way up...

If this still isn't good enough then buy Secure Solaris or Hp-UX or SCO CMW. You'll hate it very quickly but you will be very secure.

Z.

[schilcha]

Zwack, you made the run... anyways, here's my thoughts in the same direction...

If you can't trust your users that far, there's a password option for grub reduce boot-options for non-admin users.
Even in this case, a LiveCD can give you full access to the installed data (there's no root-pwd on the LiveCD). So you would also need a bios-pwd to prevent booting from cdrom.
Also other operating systems on the same machine can make your linux-data accessible without honouring priveliges (I know that rfstool for win gives a damn about file owners and permissions -- how should it do that?)
I guess to secure your data from normal and dedicated users, you'd need something like an encrypted filesystem, but I've never coped with that and I don't really know about its possibilities. Everything else is just bits on a disk. The OS takes care of what a user can and can't. If the OS doesn't care, there's no protection.

[psusi]

Neither a root password, nor a grub password, nor a bios password will prevent someone from booting the system and getting root access. If you can choose to boot grub into recovery mode, you can just as easily tell grub to add init=/bin/sh to the kernel command line, which will bypass a root password. If you can boot the system, you can get around the grub password by inserting another bootable media, like a cdrom or a usb memory stick. A bios password is the hardest one to get around, but even that can be done.

If you really want your system to be safe when captured by the enemy, you need to encrypt the hard drive.

[Zwack]

I guess to secure your data from normal and dedicated users, you'd need something like an encrypted filesystem, but I've never coped with that and I don't really know about its possibilities.

Encrypted filesystems will protect your data from other users but won't stop them being able to hack up the OS... And given that they can get full access to the OS then they can put something in there to record all of your key strokes and...

(I'm not paranoid... really, I'm not)

But something along the lines of a CMW system will only allow certain users to do certain things to certain files. A quick search for Compartmentalised Mode Workstation shows up some information as does Compartmenred mode workstation. I know that Sun, HP and SCO all had products, but I don't know what is currently available. HP-UX 10.16 was a complete pain to work with.

Z.

[Zwack]

Neither a root password, nor a grub password, nor a bios password will prevent someone from booting the system and getting root access.

I was assuming that a grub password is set to only allow them to boot into the normal mode. A root password is set so that they can't login as root and that a bios password was set so they can't change the boot path... (and the boot path is set to only boot from the first hard drive)...

They can still reset the bios CMOS settings, boot from another media, change the root password and they're in...

An encrypted filesystem will help, but only when used with the above, and all of the users need to be trusted.

A CMW still requires physical security but reduces the need for trust on users.

The only truly secure machine has already been rendered completely inoperable.

Z.

[23meg]

Local physical security is every bit (pardon the pun) as important as remote security. Keeping your laptop within your reach at all times and physically securing the space where your desktop / server resides should be your #1 priority, before passwords, encryption and firewalls.

[psusi]

Encrypted filesystems will protect your data from other users but won't stop them being able to hack up the OS... And given that they can get full access to the OS then they can put something in there to record all of your key strokes and...

(I'm not paranoid... really, I'm not)

That's why you encrypt the WHOLE disk ( including the OS ).