On Wed, Feb 25, 2009 at 12:02:58AM -0500, Michael Gilbert wrote:
> since there is no root password set up during installation, a local
> attacker can simply boot into the root account (without being prompted
> for a password) via single user mode ("single" kernel option).Have you tested that this is actually the case? "no password" != "empty password". Booting in single user mode should not allow you to bypass the password prompt, and if it does, that's a bug in the sulogin program. > [1] discusses the details of the method for password recovery, but the > same can be used for malicious purposes, of course. > [1] http://linuxwave.blogspot.com/2008/09/ubuntu-forgotten-password.html This link explicitly shows overriding the init value in the bootloader. That doesn't appear to have anything to do with vulnerabilities with how the root account is set up. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ [email protected] [email protected] -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
