[Bug 1011786] Re: The "dpkg" option in the Grub Rescue Prompt can be used to gain root access
Jamie Strandboge
jamie at ubuntu.com
Fri Jun 22 20:46:43 UTC 2012
Thank you for using Ubuntu and reporting a bug. The user can enter
rescue mode without going through the dpkg option by accessing the root
option in the recovery menu in the first place. The real issue here is
that the user has physical access to the machine. While one can lock
down the BIOS, set BIOS passwords, reconfigure grub and set a root
password (if you decide to set a root password, you should be prompted
for it in rescue mode), you'll still want to remove physical access as
well. An attacker with physical access can bypass any grub restrictions
easily (e.g. with bootable media or removing the hard drive).
** Changed in: grub (Ubuntu)
Status: New => Won't Fix
** Visibility changed to: Public
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub in Ubuntu.
https://bugs.launchpad.net/bugs/1011786
Title:
The "dpkg" option in the Grub Rescue Prompt can be used to gain root
access
Status in “grub” package in Ubuntu:
Won't Fix
Bug description:
When holding the shift-key down while booting ubuntu 12.04, one can
enter the grub rescue prompt. In this grub rescue prompt, there is a
"dpkg" menu-entry that mounts the root (/) filesystem read/write while
operating, and that is OK. But unfortunately, it does not remount the
filesystem read-only when leaving the menu option again, so if someone
afterwards chooses the "root" menu-entry, one can actually gain full
control of the system and for example install and remove packages with
apt-get.
This can for example be used by students at schools and universities
to install and remove their own applications on physical machines,
even if the CD/DVD drive has been removed. So I would suggest that the
root filesystem should be re-mounted read-only again after leaving the
"dpkg" menu-option in the grub rescue prompt.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub/+bug/1011786/+subscriptions
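
The reporter's suggestion (put / back to read-only once the "dpkg" entry has finished) sketched in shell as an added example; it is not code from the recovery menu, the grub package or the bug report. The function names and the MOUNT_CMD and MOUNTS_FILE overrides are assumptions, there so the logic can be exercised without root.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not the recovery menu's own scripts.

# Print "ro" or "rw" for the root filesystem from a /proc/mounts-format file.
# The last entry for "/" wins, since a later mount shadows an earlier one
# (for example "rootfs" followed by the real root device).
root_mount_mode() {
    awk '$2 == "/" {
             n = split($4, opt, ","); m = ""
             for (i = 1; i <= n; i++)
                 if (opt[i] == "ro" || opt[i] == "rw") m = opt[i]
             if (m != "") mode = m
         }
         END { if (mode == "") exit 1; print mode }' "${1:-/proc/mounts}"
}

# Run a command with / writable, then restore the previous state.
# The body is a subshell, so the EXIT trap is scoped to this call and fires
# whether the command succeeds or fails.
run_with_rw_root() (
    mount_cmd=${MOUNT_CMD:-mount}          # assumption: override for testing
    before=$(root_mount_mode "${MOUNTS_FILE:-/proc/mounts}") || exit 2
    if [ "$before" = "ro" ]; then
        $mount_cmd -o remount,rw / || exit 3
        # Only undo what we changed: a root that was already rw stays rw.
        trap '$mount_cmd -o remount,ro /' EXIT
    fi
    "$@"
    status=$?
    exit "$status"
)
```

A menu entry would call it as `run_with_rw_root dpkg --configure -a`; the remount back to read-only fails with "busy" if a process still holds a file open for writing, which the caller should surface rather than ignore.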