Is root in recovery mode a security risk?

[Zwack]

Local physical security is every bit (pardon the pun) as important as remote security. Keeping your laptop within your reach at all times and physically securing the space where your desktop / server resides should be your #1 priority, before passwords, encryption and firewalls.

Of course a physically secure machine that is wide open to the internet is useless too. You need to balance this all...

Practical security is a trade off between security, cost and usability.

CMW is very secure, is fairly expensive and is really nasty to have to use. The trade-off is not normally worth it.

Like everything else you need to decide how much you trust your users, how much you can put up with in the way of extra effort, and how much you can afford to spend on this. With a lot of money and a lot of extra effort you could put your computer in a vault with a security guard standing watch over your users... But is that reasonable.

Think of trade offs, decide what you want to accomplish (or legally have to with HIPAA and Sarbanes-Oxley) and then implement it.

Z.

[Zwack]

That's why you encrypt the WHOLE disk ( including the OS ).

In which case you have to decrypt it so that they can access your machine (I am assuming other users on this machine and it seems reasonable given that he is worried about people rebooting it...)

If you don't have any other users then yes, encrypt the whole disk, and never leave it up when you leave it.

Z.

[ramiro]

I booted into recovery mode for the first time today (it was an accident). and when it finished booting it dropped me at a root prompt, without asking for a password or anything! Is this the standard behaviour? Because this seems to be very insecure...

[meborc]

this is very standard and highly necessary, when u have managed to damage your system or lost your password... i guess that is why it has a name of RECOVERY

it is true, that it seems a bit insecure (a lot for that matter) but it is the only way to have a chance to fix your system when everything else fails

[ramiro]

I understand that, but couldn't they at least ask for a password?

I mean, it doesn't take much for someone to completely destroy my machine.

[aamukahvi]

It's just like Win95 where you could bypass the password prompt by pressing Esc

[wien]

I mean, it doesn't take much for someone to completely destroy my machine.

But they would have to be in front of your computer though. If you trust someone enough to let them come that close to your computer, they usually wouldn't do anything like that anyway. And if someone actually does get into your house and do that, your computer is probably the least of your worries.

[aamukahvi]

And if someone actually does get into your house and do that, your computer is probably the least of your worries.

Some skinny hacker armed with a wireless mouse... He'd be needing some serious recovery mode after that

[meborc]

i guess if you'r really scared, then you can delete the recovery option lines from your grub menu ... but if you then mess up your comp, then you'r in trouble...

AND if you don't guard your BIOS settings with admin password, it is easy to get access to your comp by setting it boot from cd and using knoppix... just a thought

[erze]

You can password protect grub if you want.

In a terminal:

Execute grub:
$ grub

Enter the md5crypt command:
grub> md5crypt

Enter the password you want to use:
Password: ********

Example of respond from grub:
Encrypted: $1$k823K1$2qUgkIIUD7p6YMRXRDTw3/

Remember the encrypted password.

Quit grub:
grub> quit

Open /boot/grub/menu.lst and add your encrypted password "password --md5 $1$k823K1$2qUgkIIUD7p6YMRXRDTw3/" to this section:

## password ['--md5'] passwd
# If used in the first section of a menu file, disable all interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command 'lock'
# e.g. password topsecret
# password --md5 $1$gLhU0/$aW78kHK1QfV3P2b2znUoe/
# password topsecret
password --md5 $1$k823K1$2qUgkIIUD7p6YMRXRDTw3/

Locate this section:

## should update-grub lock alternative automagic boot options
## e.g. lockalternative=true
## lockalternative=false
# lockalternative=false

Change it to:

## should update-grub lock alternative automagic boot options
## e.g. lockalternative=true
## lockalternative=false
# lockalternative=true

Save and quit menu.lst.

Excute update-grub:
$ sudo update-grub

Reboot...

Recovery mode is now password protected.

I take no responsibilities for anything that may go wrong and make your system unbootable !!!!!