
During the Hardy development cycle I discovered this horrible "feature": while booting, choose a "recovery mode" item from the GRUB menu, and Ubuntu boots into single-user mode.
So far so good. Now, at the end of the boot process, it presents you with a nice ncurses menu offering "fix xorg", "root shell" and something else. Choose "root shell" and you get one without even being asked for a password!
Now I am all for user friendliness and everything, but this is ridiculous. I resorted to password protecting my grub boot menu. Here's how:
* Run "grub-md5-crypt" in a terminal and feed it a password; it spits back an MD5-crypted one.
* Open /boot/grub/menu.lst in your favorite editor and find a spot near the top where you can add a line that looks like this:
{{{
password --md5 $cryptyougot
}}}
replacing "$cryptyougot" with the output of step one.
* After each boot item you want to password protect, add the word "lock". I locked all the "recovery" items as well as all the Windows boot items, but left the default option unlocked. The default option will still ask for a password in gdm at login time.
* Of course this wouldn't be complete without making the computer boot from the hard disk only and password protecting the BIOS setup.
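To check the result of the steps above, here is an added example (not part of the original post) that audits a GRUB legacy menu.lst for a global hashed password and for "lock" on the recovery and Windows entries. The sample file, its placeholder hash, the `audit` function and the `SENSITIVE` title pattern are all constructed for illustration; the check that "lock" comes first follows the GRUB legacy manual's advice to put it right after "title".

```python
import re

# Constructed sample in GRUB legacy menu.lst syntax; the hash is a placeholder.
SAMPLE = """\
default 0
# password topsecret
password --md5 $1$PLACEHOLDER$notARealHashValue00000
title Ubuntu, kernel 2.6.24-16-generic
kernel /boot/vmlinuz-2.6.24-16-generic root=/dev/sda1 ro quiet splash
title Ubuntu, kernel 2.6.24-16-generic (recovery mode)
lock
kernel /boot/vmlinuz-2.6.24-16-generic root=/dev/sda1 ro single
title Windows XP
root (hd0,1)
chainloader +1
lock
"""
SENSITIVE = re.compile(r"recovery|windows", re.I)  # assumed policy, per the post

def audit(text):
    """Return findings for a GRUB legacy menu.lst passed in as a string."""
    findings, entries, global_pw = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # commented-out example lines protect nothing
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        cmd, rest = parts[0], parts[1] if len(parts) > 1 else ""
        if cmd == "title":
            entries.append({"title": rest, "cmds": []})
        elif entries:
            entries[-1]["cmds"].append(cmd)
        elif cmd == "password":
            global_pw = rest
    if global_pw is None:
        findings.append("no global password: lock can be edited out at the menu")
    elif not global_pw.startswith("--md5"):
        findings.append("global password is stored in plain text")
    for e in (e for e in entries if SENSITIVE.search(e["title"])):
        if "lock" not in e["cmds"]:
            findings.append(f"unlocked: {e['title']}")
        elif e["cmds"][0] != "lock":
            # GRUB runs an entry's commands in order until it reaches lock
            findings.append(f"lock is not the first command: {e['title']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

On the constructed sample, the recovery entry passes and the Windows entry is flagged because its "lock" comes after the boot commands.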
Comments
fixed
https://bugs.launchpad.net/ubuntu/+source/friendly-recovery/+bug/220986
So it was a bug after all.
Not bad security...
Physical access does yield easy access to your data. Do you also lock your FireWire ports to prevent malicious devices from stealing access to your machine via the shared RAM exploit?
Anyone who has physical access can get in pretty quickly if they are prepared. While your precautions are reasonable, it is hard to fault Ubuntu for not deluding people by hiding how easy it is to get passwordless root access by booting from a CD or any other medium.
exactly
"if they are prepared"... I don't see many Matrix style hackers around these days :)
My laptop does have one FireWire port, never had any use for it, so I blacklist "ohci1394". I roll my own kernels too, and I include only the functionalities I need compiled into the kernel.
Anyway, this still doesn't excuse Ubuntu from allowing everyone under the sun to gain passwordless root on everyone's boxes.
True, but
The fact is that any computer you have physical access to is vulnerable.
Password protecting grub and only allowing the BIOS to boot from the hard disk with a password is good, but that doesn't mean it's safe at all. It's pretty easy to reset the BIOS. And then it doesn't matter that grub has a password.
As long as it is safe from attack/access from the internet I'm content.
I beg to differ
Mind first that I was referring to a laptop, so if by physical access you mean theft, then that's something different, you would need to encrypt your sensitive data.
However I don't like locking my screen and going to the bathroom for example, to find that someone power reset the machine and got root access.
Unscrewing the laptop's back cover and resetting the BIOS would take at least 15 minutes if you are skilled, and I wouldn't leave my laptop unattended that long.