*** This bug is a security vulnerability *** Public security bug reported:
I might have found a security flaw with the root account in ubuntu 9.04. Even though the root account is disabled through the gdm login screen. By using this method I am describing someone or an attacker can put a password on the root account or enable it and then also change it to the option to allow the root account to login at the gdm screen. Then the computer could be compromised all because of the root account. 1. right click Fast user switch applet 2. Click edit users and groups 3. In the user settings box click on unlock and enter the sudo password. 4. Then with the root account visible click on the root account and click on properties. 5. Then on the account tab under the password section click on the radio button that says set password by hand. 6. Enter a password for the user password and for the confirmation then click OK. 7. Open up a terminal window and then type su then type the password you created in the previous steps. 8. Then you should be logged in as root in terminal and then the root account for the computer would be enabled. I am using: gnome 2.26.1 Ubuntu 9.04 32-bit Linux kernel 2.6.28-13-generic fast user switch applet 2.24.0 Thank you, Computerguy ** Affects: ubuntu Importance: Undecided Status: New ** Tags: account flaw root security ubuntu ** Visibility changed to: Public -- Security flaw with fast user switch applet 2.24.0 using ubuntu 9.04 https://bugs.launchpad.net/bugs/397947 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs