Ubuntu root access.

One of the greatest features that Linux has to offer, is the ability to customize your version so that it works the way you like it. Being a computer science student I have many friends that run linux, and many running windows (most dual boot).

With some of my windows friends there is a bit of an on going war about who’s computer is better, IBM vs Dell, Windows vs Linux vs Mac, Ubuntu vs Fedora Firefox vs IE, Vista vs XP. The things to debate are endless, its mostly all in good fun but it can sometimes get heated. The great thing is that usually when someone finds a “flaw” with ubuntu I can fix it on the spot if I so chose. Common arguments are that the brown is ugly (I love the brow), all I need do is fire up beryl or compiz (gl desktop). And the argument is shutdown.

The other day it was pointed out to me that a “flaw” was that if ubuntu was booted into recovery mode that the user was then given root access without the need of a password. I know that /boot/grub/menu.lst controls grub so I open it up “sudo gedit /boot/grub/menu.lst” and search for the word “password” at line 28 I find

## password ['--md5'] passwd
# If used in the first section of a menu file, disable all interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command ‘lock’
# e.g. password topsecret
# password –md5 $1$gLhU0/$aW78kHK1QfV3P2b2znUoe/
# password topsecrete

I change it to

## password ['--md5'] passwd
# If used in the first section of a menu file, disable all interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command ‘lock’
# e.g. password topsecret
# password –md5 $1$gLhU0/$aW78kHK1QfV3P2b2znUoe/
password topsecrete

Go down to the bottom of the file and change

## ## End Default Options ##

title Ubuntu, kernel 2.6.20-16-generic
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-16-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro quiet splash
initrd /boot/initrd.img-2.6.20-16-generic
quiet
savedefault

title Ubuntu, kernel 2.6.20-16-generic (recovery mode)
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-16-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro single
initrd /boot/initrd.img-2.6.20-16-generic

title Ubuntu, kernel 2.6.20-15-generic
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-15-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro quiet splash
initrd /boot/initrd.img-2.6.20-15-generic
quiet
savedefault

title Ubuntu, kernel 2.6.20-15-generic (recovery mode)
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-15-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro single
initrd /boot/initrd.img-2.6.20-15-generic

title Ubuntu, memtest86+
root (hd0,0)
kernel /boot/memtest86+.bin
quiet

### END DEBIAN AUTOMAGIC KERNELS LIST

to

## ## End Default Options ##

title Ubuntu, kernel 2.6.20-16-generic
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-16-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro quiet splash
initrd /boot/initrd.img-2.6.20-16-generic
quiet
savedefault

title Ubuntu, kernel 2.6.20-16-generic (recovery mode)
lock
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-16-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro single
initrd /boot/initrd.img-2.6.20-16-generic

title Ubuntu, kernel 2.6.20-15-generic
lock
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-15-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro quiet splash
initrd /boot/initrd.img-2.6.20-15-generic
quiet
savedefault

title Ubuntu, kernel 2.6.20-15-generic (recovery mode)
lock
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-15-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro single
initrd /boot/initrd.img-2.6.20-15-generic

title Ubuntu, memtest86+
lock
root (hd0,0)
kernel /boot/memtest86+.bin
quiet

### END DEBIAN AUTOMAGIC KERNELS LIST

Now not only can the user not access anything but my default boot option with using the very secure password, lol. While I don’t consider it a bug that the user could have gained access to the root before without a password I love how easy it is in Linux to prevent that kind of thing. Now all I need is to set my BIOS password so that the user cant boot of anything but the hard disk without a password.

About these ads

17 Responses to Ubuntu root access.

  1. This is actually pretty standard practice for most distributions. Ubuntu is just the only one that auto-adds a “recovery mode” option in grub. Anyone, on any distro (exept Suse in my experience) can append “1″ or “single” to the end of a grub kernel line and boot into the same “recovery mode”.

    If you want to add a password to yours run grub-md5-crpyt, which will ask for a password and return a hash value. Add a fourth line of “password –md5 ” (as seen in your example.

    Again, if this is a flaw in Ubuntu it is a flaw in every other distro (FC6, F7, RHEL, OEL, etc.) The same access that Ubuntu “recovery mode” gives is available, the user just has to manually add it at boot-time.

  2. earobinson says:

    I don’t think this is a flaw Christer, I was just pointing out how easy it is to fix it. And I know I could encrypt my password I just didn’t bother.

    Thanks for the feedback I should have pointed out how easy it was to encrypt a password.

  3. Not bothering to encrypt the password ? Bad boy… :) In any case someone with physical access to the machine only need a few more minutes to break such a system, using a Live CD and mounting the partition / looking for the right info, as you may know.

    I was going rto suggest taking a look at SUM: http://linuxfud.wordpress.com/2006/11/26/ubuntu-tool-highlight-startup-manager-configure-grub-and-usplash/

    Handle with care, as it has some warnings about possible corrupting your setup. I haven’t treid but it looks interesting and may become stable enough for future inclusion in Ubuntu.

  4. earobinson says:

    Fabian Rodriguez it was more a proof of concept than anything else, I could use bios passwords and such to stop live cd’s but ill look at your link when I have some time

    Thanks for the comment

  5. Ewan Mac Mahon says:

    Fabien’s point holds true though; an attacker with physical access can do anything, including extracting the disk and copying it using another machine. The only thing that can protect your data at that point is encryption.

    Christer @ 1 is missing a slight distinction between Ubuntu and most other distros; typically they’ll prompt for the root password if booted into single user/recovery mode – Ubuntu doesn’t have a root password by default so it can’t do that. I believe it will if you set one though.

  6. @Ewan – most other distros *don’t* require a root password on runlevel 1. I teach RHEL5 and OEL including FC3-6 and none of those require a root password when booting into runlevel 1. The *only* distro that I’ve found that does require it is SLES.

    /me heads off to blog about this topic…

  7. You really shouldn’t modify the DEBIAN AUTOMAGIC KERNEL LIST. All you changes will be lost next time you install a kernel, or any other package that invokes update-grub in it’s postinst/prerm hook.

    Instead, READ THE DOCUMENTATION. It’s in your grub.conf/menu.lst above the list of kernels. I believe you want to turn on the “lockalternative” and possibly “lockold” options. After you turn them on, you can run upgrade-grub as root to regenerate the list with your new preferences, and those preferences will persist across kernel upgrades. If you do need more or different boot stanza than are generated by update-grub, you should FOLLOW THE DIRECTIONS on at around line 53 of your grub.conf and “Put static boot stanzas before and/or after AUTOMAGIC KERNEL LIST”.

  8. infodroid says:

    yeah, the automagic section is created automatically by a script based on the information in the section before it (read the comments to see where that section is). so you shouldn’t ever modify the automagic section, just the template. once you modify the template, you run as root “update-grub”. that will then recreate your automagic section.

  9. earobinson says:

    Boyd Thanks for pointing that out :) I was just proving the concept but thats good to know.

  10. w4tch0 says:

    Exactly what Boyd Stephen Smith Jr. said. Oh, and btw. there is an exact guide on ubuntuguide.org which shows how to do exactly this properly (including password encryption):

    http://ubuntuguide.org/wiki/Ubuntu:Feisty#How_to_disable_all_interactive_editing_control_for_GRUB_menu

    Have a nice day :)

  11. [...] but more of a discussion or educational topic on grub.  It was inspired by the original post here and continued discussion in the comments.  I thought I would outline some suggestions on securing [...]

  12. [...] of mine. On of my posts that continues to baffle me in how much activity it gets is my post about ubuntu root access. This post resulted in a friendly argument between me and a friend during class. At the time it was [...]

  13. [...] of mine. On of my posts that continues to baffle me in how much activity it gets is my post about ubuntu root access. This post resulted in a friendly argument between me and a friend during class. At the time it was [...]

  14. gianni says:

    stupid

    you just have to set a root password, and you will be asked to put a password, after the boot actually, to login in the recovery console.

  15. earobinson says:

    gianni, The convention in ubuntu is not to have a root password but to instead use sudo

  16. radiowave411 says:

    Once loged into the computer
    Click System
    click login window
    go to security tab
    locate and check the box that says allow local systems administrator login.
    then click close
    then go to system
    click administration
    click users and groups
    click unlock
    enter your password
    select the user ” Root ‘
    click Properties
    under password
    click set password by hand
    then type password
    Click O.K.
    Then log off and login as user: root and the password you ser
    now you have full access

    this will only work under ubuntu and has been tested in ubuntu 8.10 and works OK

  17. Get reliable bug tested casino script and software for your Online Casino at casinowebscripts.com. Find best deals and lowest prices for online gambling scripts and software here!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

%d bloggers like this: