On 2007-08-07, Paul Sladen wrote:
> On a default Ubuntu with the root account locked, selecting "(recovery
> mode)" will drop one straight to a root shell, without requiring a password.
>
> The idea behind this is simple; the only time that somebody really
> needs to do some form of recovery, is when the machine is in a very bad
> state. Handling a really broken machine/forgotten password is a stressful
> experience---the least that can be done is to optimise the recovery
> operation by getting a user what they need, fast and efficiently.

Isn't that a bit of a security hole? I realize that having physical access to a machine means that ultimately you could open it up and clear the BIOS password in order to boot from a live CD, but that takes a lot more time than just rebooting and picking "recovery mode" from the GRUB menu to get root access. Of course, the GRUB menu can be password-protected, but that goes against the stress-reducing theory of making it easy to get into rescue mode.

--
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.kubuntu.org/UKTeam/
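
An added example, not part of the original thread: a small audit of the trade-off discussed above, assuming a GRUB legacy `menu.lst` in which a global `password` directive protects the menu and a `lock` line inside an entry makes that entry ask for the password. The sample configuration, the placeholder hash and the function names are constructed for illustration.

```python
# Constructed sample in GRUB legacy menu.lst syntax (assumed format, not from the thread).
SAMPLE_MENU = """\
## password ['--md5'] passwd   <- commented out, so it must not count
password --md5 CONSTRUCTED-PLACEHOLDER-HASH

title Ubuntu
kernel /boot/vmlinuz-EXAMPLE root=/dev/sda1 ro quiet splash

title Ubuntu (recovery mode)
kernel /boot/vmlinuz-EXAMPLE root=/dev/sda1 ro single
"""

SINGLE_USER_ARGS = {"single", "s", "1"}  # kernel arguments that request single-user mode


def parse_menu(text):
    """Return (has_global_password, entries) for a menu.lst-style config."""
    has_password, entries, current = False, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directives
        parts = line.split(None, 1)
        cmd, arg = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if cmd == "title":
            current = {"title": arg, "single": False, "locked": False}
            entries.append(current)
        elif current is None:
            # Before the first title we are in the global section.
            has_password = has_password or cmd == "password"
        elif cmd == "lock":
            current["locked"] = True
        elif cmd == "kernel":
            args = {a.lower() for a in arg.split()}
            current["single"] = bool(args & SINGLE_USER_ARGS)
    return has_password, entries


def audit(text):
    """List entries that reach a single-user shell without a password prompt."""
    has_password, entries = parse_menu(text)
    findings = []
    if not has_password:
        findings.append("menu: no global password directive")
    for entry in entries:
        # 'lock' only gates an entry when a global password is also set.
        if entry["single"] and not (entry["locked"] and has_password):
            findings.append("unlocked single-user entry: " + entry["title"])
    return findings
```

On the sample, `audit(SAMPLE_MENU)` reports the recovery entry because a global password alone does not gate an entry that lacks `lock`.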