I work in a lab environment. The BIOS is locked not to boot from CD, and
grub has a password for recovery mode. Several gnome settings are locked
down, etc.
Though in my lab boxes are not physically locked, most students do not
know that taking out the motherboard battery will often reset the
pass
The advice is wrong, as that would have effect because it's the default
behaviour in Ubuntu.
--
on fscheck a root shell is presented without password
https://launchpad.net/bugs/66001
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
> If a root password is set, sulogin will ask for it.
The advice given is not to set a root password (by setting the
password hash to an invalid value).
Either the advice or the behaviour of sulogin is wrong.
--
Why does the behaviour of sulogin negate this?
If a root password is set, sulogin will ask for it.
--
There is a list of things to do to secure an Ubuntu install here:
http://ubuntuguide.org/wiki/Dapper#What_are_the_basic_things_I_need_to_know_about_securing_my_Ubuntu
It recommends disabling the root account with "sudo passwd -l root".
The behaviour of sulogin negates the benefits of this advice
6) give up?
Crowbar open the case, take the drive out
Just pick up the case, pop it in the deep freeze (which will wipe the
BIOS password)
etc.
--
There needs to be a doc somewhere explaining the steps to achieve a
setup that is as secure as possible when people are expected to have
physical access to the computer.
1) Lock & alarm the case
2) Disable booting from CD, floppy, USB
3) Set a BIOS password
4) Set a grub password
5) Set a root pas
There is no security issue here.
If somebody has physical access to your laptop, they can walk away with
it, or boot with init=/bin/sh, or remove the hard drive.
The root password offers ZERO protection
** Changed in: sysvinit (Ubuntu)
Status: Confirmed => Rejected
--
** This bug has been flagged as a security issue
--
** Changed in: sysvinit (Ubuntu)
Status: Unconfirmed => Confirmed
--
A specification was started about this problem:
https://features.launchpad.net/distros/ubuntu/+spec/no-automatic-root-login-for-grub-recovery
Somebody needs to work on it.
--
Since this is the default behaviour, I'd consider this somewhat
critical. With Malcom's rationale, it seems wise to me to harden my
notebook by setting a root password. This would mean that we need to
document this somewhere.
Of course you can argue that anyone who can boot the machine effectively
h
upstart calls sulogin to start a root shell.
sulogin does not prompt for a password when root doesn't have a password.
root doesn't have a password on Ubuntu as Ubuntu uses sudo for administration.
** Changed in: upstart (Ubuntu)
Sourcepackagename: upstart => sysvinit
--
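An added example, not part of any message in this thread and not code from sysvinit or upstart: a Python audit that classifies root's password field in shadow(5)-format text, so an administrator can tell which of the cases discussed above (no password, locked with "passwd -l", or a real password) applies. The function names and sample entries are constructed, and the `sulogin_prompts` flag only encodes the behaviour as the messages describe it.

```python
from typing import NamedTuple

# Characters allowed in a traditional 13-character DES crypt(3) hash.
DES_CHARS = set("./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz")

class RootStatus(NamedTuple):
    state: str             # "empty", "locked", "invalid" or "hashed"
    sulogin_prompts: bool  # assumption taken from the thread, see root_status()

def classify_field(field: str) -> str:
    """Classify the second field of a shadow(5) entry."""
    if field == "":
        return "empty"      # account needs no password at all
    if field.startswith("!"):
        return "locked"     # "passwd -l" prefixes the field with "!"
    if field.startswith("$") and field.count("$") >= 3:
        return "hashed"     # modular crypt format: $id$salt$hash
    if len(field) == 13 and set(field) <= DES_CHARS:
        return "hashed"     # legacy DES crypt
    return "invalid"        # e.g. "*": no password can ever match

def root_status(shadow_text: str) -> RootStatus:
    """Find the root entry and report its state.

    sulogin_prompts follows the thread's description: sulogin asks for a
    password only when root has one set. It is not checked against any
    particular sulogin version.
    """
    for line in shadow_text.splitlines():
        parts = line.split(":")
        if len(parts) >= 2 and parts[0] == "root":
            state = classify_field(parts[1])
            return RootStatus(state, state == "hashed")
    raise LookupError("no root entry found")

# Constructed sample entries (the hash below is a placeholder, not a real one).
LOCKED_ROOT = "daemon:*:19000:0:99999:7:::\nroot:!:19000:0:99999:7:::\n"
ROOT_WITH_PASSWORD = "root:$6$constructedsalt$constructedhash:19000:0:99999:7:::\n"

if __name__ == "__main__":
    for name, text in [("locked", LOCKED_ROOT), ("password set", ROOT_WITH_PASSWORD)]:
        print(name, root_status(text))
```

On a real system, pass the contents of /etc/shadow (readable only with root privileges) to `root_status`.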