Page 20 of 32 FirstFirst ... 10181920212230 ... LastLast
Results 191 to 200 of 315

Thread: Physical access is root access

  1. #191
    Join Date
    Jul 2005
    Location
    Sydney
    Beans
    2,543
    Distro
    Ubuntu Jaunty Jackalope (testing)

    Re: Jaunty roots quite easy

    This has been raised a couple of times over the years on various lists. The consensus is that the convenience of the recovery mode well outweighs its (small) security implications. Even without the recovery mode entry, you can edit the boot entry from grub to do the same thing.
    Remember: if your problem is not described on a Launchpad bug, it can only be fixed by accident!

  2. #192
    Join Date
    Apr 2006
    Beans
    521
    Distro
    Ubuntu Jaunty Jackalope (testing)

    Re: Jaunty roots quite easy

    Is there any way you can think of them being able to "re-add" the recovery option without sudo privileges? I normally just comment it out on a fresh Ubuntu install.

    Also; if your /home partition is encrypted, a Live CD wouldn't be able to read it without the key, right?

  3. #193
    Join Date
    Jul 2005
    Location
    Sydney
    Beans
    2,543
    Distro
    Ubuntu Jaunty Jackalope (testing)

    Re: Jaunty roots quite easy

    Quote Originally Posted by chris062689 View Post
    Is there any way you can think of them being able to "re-add" the recovery option without sudo privileges? I normally just comment it out on a fresh Ubuntu install.
    By editing the kernel line from the grub prompt. Alternatively, by booting from a live CD.

    Quote Originally Posted by chris062689 View Post
    Also; if your /home partition is encrypted, a Live CD wouldn't be able to read it without the key, right?
    Right. Encryption is easily the most secure option. Although, if you really, really care, only encrypting /home will potentially leave the keys or sensitive data lying around unencrypted in swap.
    Remember: if your problem is not described on a Launchpad bug, it can only be fixed by accident!

  4. #194
    Join Date
    Jul 2007
    Beans
    85
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Jaunty roots quite easy

    Quote Originally Posted by hotshotdj View Post
    physical access to the hardware is a security risk no matter what you do. Of course it is possible to protect against only the most casual intruder by setting a root password, but all they have to do is pop in a cd-rom to gain full access no matter what you do with the software, including password protecting grub. One could password protect the bios and disable booting from a cd/dvd, usb, etc., but if one has access to the machine, it is a simple matter to for the determined intruder to reset the bios.

    In other words, once an individual has their hands on your hardware, it is generally game over.
    +1, though considering the rate at which performance of encrypted volumes is becoming better, this might change soon.
    Last edited by sarang; December 26th, 2008 at 05:33 AM.

  5. #195
    Join Date
    Dec 2006
    Beans
    1,133
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Jaunty roots quite easy

    You can add a password to grub in various ways, such as requiring a pw to edit the boot lines or to select a certain boot option, or to block booting entirely until a password is entered.
    There are no dumb questions, just dumb answers.

  6. #196
    Join Date
    Dec 2006
    Location
    Cottonwood Arizona
    Beans
    35

    Re: Jaunty roots quite easy

    thank you naddiseo
    thank you HotShotDJ
    thank you MacUntu
    thank you albinootje
    thank you RAOF
    thank you Sarang
    thank you lswb

    one question if i was to encrypt say my /home folder could I still share it on my home network?
    or would I need a key on each pc?
    Last edited by sintacto; December 26th, 2008 at 06:13 AM. Reason: more info

  7. #197
    Join Date
    Apr 2007
    Beans
    79
    Distro
    Ubuntu 8.04 Hardy Heron

    Exclamation Root flaw?

    I do not know if I am the only one to really notice this but, Ubuntu poses an inherent threat when installed.

    If someone were to attempt to login to you computer the could in fact change your password or even create their own as long as they have physical access to your computer.

    How is this possible?

    Simple when you install Ubuntu it never askers for a root password. THIS IS BAD BAD BAD BAD BAD. Ubuntu is the ONLY distro I have tried (and I have tried a lot) that does not make you create a root password.

    You can simply reboot a computer and on grub select the recovery boot option. Tell it to drop to root. It askes for a root password so just hit enter and you in as root.

    You now have free rein over the computer you can create or remove users, change or remove passwords, or you could do worse if your really malicious.



    So the question I have ot the Ubuntu developers and the community.

    Is this done on purpose? If so why? and If this was not known how could you not. I hope there is an upcoming fix. I know a user could simply set a root password but if you ask on install you eliminate a threat that a normal user may not know about.
    Linux. Learn it, Live it, Love it.

  8. #198
    Join Date
    Jul 2005
    Location
    Richmond, VA, USA
    Beans
    Hidden!
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Root flaw?

    This subject has been beaten to death and back. Physical access to a computer effectively negates the security features of any operating system.

  9. #199
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Root flaw?

    and if someone gains physical access to your windows computer they can also get all data they want... encryption is the only option here.

  10. #200
    Join Date
    Feb 2007
    Location
    Romania
    Beans
    Hidden!

    Re: Root flaw?

    in other distros(by default) you can add init=/bin/bash
    to the kernel line in grub to boot into a root shell.

    is that safer?

    Quote Originally Posted by hyper_ch View Post
    and if someone gains physical access to your windows computer they can also get all data they want... encryption is the only option here.
    +1

Page 20 of 32 FirstFirst ... 10181920212230 ... LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •