> > > we complain about the basic M$ windoze setup being insecure - this > Ubuntu configuration is not dissimilar > > so do i file a bug report, a security flaw or what - and where. > > thanks > ram > > On 1/4/08, Mehul Ved <[EMAIL PROTECTED]> wrote: > > On 1/4/08, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > So is this a bug, and security hole or what. Does this need to be > reported > > > > It's what is called single user mode. This is how it is. > > No one can exploit it unless they have physical access to the machine. > > If y> > > -- > > ubuntu-in mailing list > > ubuntu-in@lists.ubuntu.com > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-in > > > > -- > ubuntu-in mailing list > ubuntu-in@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/ubuntu-in > ,ou want to avoid people having physical access to the machine to > > be unable to exploit this then set GRUB password. > I believe, not only ubuntu, but for any linux distro , if you dont setup a bootloader password on your machine , its very easy to get admin access and run any of the commands from the single user mode. Its a common practice by linux admins to use single user mode to recover lost root password.
If you are concerned about physical security, you MUST setup bootloaded password. Similarly, its also possible to boot using boot cds and mount partitions on your system and access data without caring about the permissions etc. So what you say is a flaw, is in my opinion should be addresses under physical security. thanks gshah
-- ubuntu-in mailing list ubuntu-in@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-in