[Bug 997308] Re: [GRUB-PC] Security Fail - Root access without password in recovery mode.

FR. Loïc 997308 at bugs.launchpad.net
Thu May 10 07:30:56 UTC 2012 

You have no concept of security.
Imagine ubuntu installed in a supermarket, a cyber coffee...
Here it is not necessary to run chroot in a live cd to change the password!
Learn from the other distributions, root password in grub.
In this way if the user can not change the BIOS boot order it will not hack ubuntu!

In business there is usually only a password to change settings bios ...
With your "design" it will be possible for anyone to hack into the
computer.

In french:
Vous n'avez aucun concept de la sécurité.
Imaginez ubuntu installé dans un supermarché, dans un cyber-café...
Là il n'est pas nécessaire de faire un chroot depuis un live-cd pour changer le mot de passe!
Apprenez des autres distributions, l'accès root doit forcement nécessité un mot de passe.
De cette manière si l'utilisateur ne peut pas modifier l'ordre d'amorçage du bios (car il y a principalement de 2 types de mots de passe bios, 1 à l'accès, l'autre seulement pour les modifications) il ne pourra donc pas pirater ubuntu.

Dans les entreprises on trouve généralement un mot de passe seulement
pour modifier les paramètres bios... Avec votre "design" il sera
possible pour n'importe qui de pirater l'ordinateur.

** Changed in: grub2 (Ubuntu)
       Status: Invalid => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/997308

Title:
  [GRUB-PC] Security Fail - Root access without password in recovery
  mode.

Status in “grub2” package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  Root access without password with grub-pc in Ubuntu 12.04 LTS.
  Root access must necessarily need a password!!!

  Thanks, best regards

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: grub-pc 1.99-21ubuntu3
  ProcVersionSignature: Ubuntu 3.2.0-23.36-generic 3.2.14
  Uname: Linux 3.2.0-23-generic x86_64
  ApportVersion: 2.0.1-0ubuntu5
  Architecture: amd64
  Date: Wed May  9 22:00:09 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  ProcEnviron:
   PATH=(custom, no user)
   LANG=fr_FR.UTF-8
   SHELL=/bin/bash
  SourcePackage: grub2
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/997308/+subscriptions

More information about the foundations-bugs mailing list