[Bug 1497909] [NEW] grub's root terminal in the recovery menu, makes it possible for physical hacking.

Imri Paloja imri_paloja at hotmail.com
Mon Sep 21 09:22:49 UTC 2015 

Public bug reported:

TL;DR
When my laptops is stolen, people can choose the recovery option from grub startup menu, select the root terminal and 
createa a privileged user.

FIX:

My proposed fix: When choosing the root terminal ask for the local
password for the local root privileged account.

If someone tries to create another account to 'steal' data? One still
needs a password

Long story

http://askubuntu.com/q/676545/36315

I messed up my Ubuntu, I only got a black when booting my Ubuntu. When I
started up my laptop, I selected the recovery option from the grub menu,
and choose fallback at root terminal. I saw that I was able to use the
add user command, which I probably could turn into a privileged user on
my machine.

Isn't that a security issue?

One could have stolen my laptop, and at startup chose recovery and add
another user, I'm fudged then. Including my data.

Come to think of it, even if you somehow remove that entry, one could
boot from a live-CD, get a chroot up and running, and then add another
user, with the right privileges that allows it to muck everything up.

If I set the BIOS to boot at my HD only, no USB, CD/DVD, Network
startup. And set a BIOS password, it still wouldn't matter. Because
you'd still have that grub recovery startup entry.

I am fairly certain that someone from China, Russia can't just hack my
Ubuntu Trusty Tahr, because it's secure like that. But, if one has
physical access to my - your - machine, then, well, that's why I'm
asking this question. How can I secure my machine so that hacking
through physical access is not possible?

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: grub (not installed)
ProcVersionSignature: Ubuntu 3.19.0-28.30~14.04.1-generic 3.19.8-ckt5
Uname: Linux 3.19.0-28-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.13
Architecture: amd64
CurrentDesktop: Unity
Date: Mon Sep 21 11:02:01 2015
InstallationDate: Installed on 2015-09-09 (12 days ago)
InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
SourcePackage: grub
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: grub (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub in Ubuntu.
https://bugs.launchpad.net/bugs/1497909

Title:
  grub's root terminal in the recovery menu, makes it possible for
  physical hacking.

Status in grub package in Ubuntu:
  New

Bug description:
  TL;DR
  When my laptops is stolen, people can choose the recovery option from grub startup menu, select the root terminal and 
  createa a privileged user.

  FIX:

  My proposed fix: When choosing the root terminal ask for the local
  password for the local root privileged account.

  If someone tries to create another account to 'steal' data? One still
  needs a password

  Long story

  http://askubuntu.com/q/676545/36315

  I messed up my Ubuntu, I only got a black when booting my Ubuntu. When
  I started up my laptop, I selected the recovery option from the grub
  menu, and choose fallback at root terminal. I saw that I was able to
  use the add user command, which I probably could turn into a
  privileged user on my machine.

  Isn't that a security issue?

  One could have stolen my laptop, and at startup chose recovery and add
  another user, I'm fudged then. Including my data.

  Come to think of it, even if you somehow remove that entry, one could
  boot from a live-CD, get a chroot up and running, and then add another
  user, with the right privileges that allows it to muck everything up.

  If I set the BIOS to boot at my HD only, no USB, CD/DVD, Network
  startup. And set a BIOS password, it still wouldn't matter. Because
  you'd still have that grub recovery startup entry.

  I am fairly certain that someone from China, Russia can't just hack my
  Ubuntu Trusty Tahr, because it's secure like that. But, if one has
  physical access to my - your - machine, then, well, that's why I'm
  asking this question. How can I secure my machine so that hacking
  through physical access is not possible?

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: grub (not installed)
  ProcVersionSignature: Ubuntu 3.19.0-28.30~14.04.1-generic 3.19.8-ckt5
  Uname: Linux 3.19.0-28-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.13
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Mon Sep 21 11:02:01 2015
  InstallationDate: Installed on 2015-09-09 (12 days ago)
  InstallationMedia: Ubuntu 14.04.3 LTS "Trusty Tahr" - Beta amd64 (20150805)
  SourcePackage: grub
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub/+bug/1497909/+subscriptions

More information about the foundations-bugs mailing list