Comments on: Terminally Incoherent’s “Linux Fuckup Of The Day” — Using Single-User Mode To Recover http://blog.sudosu.net/2007/terminally-incoherents-linux-fuckup-of-the-day-using-single-user-mode-to-recover/ Got root? Sat, 25 Sep 2010 17:13:07 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: schof http://blog.sudosu.net/2007/terminally-incoherents-linux-fuckup-of-the-day-using-single-user-mode-to-recover/comment-page-1/#comment-2362 schof Wed, 27 Jun 2007 04:15:08 +0000 http://blog.sudosu.net/2007/terminally-incoherents-linux-fuckup-of-the-day-using-single-user-mode-to-recover/#comment-2362 <p>I think they leave the root password empty because they want to discourage people from logging in as root. (Mac OS X uses the same strategy.) They're big believers in sudo, for security reasons -- if you walk away from a sudo session, the password expires and root access goes away. (Unless you cheat, as per the name of this website, and enter "sudo su" to get a root shell.) ;-)</p> <p>Being able to boot into single user mode as root without a password isn't as big a security problem as it appears at first. Even assuming you blocked single user mode, an attacker could just boot from a live CD like the Ubuntu Desktop disk and then access everything on your hard drive.</p> <p>The security rule of thumb is that if someone has physical access to a computer, the game is over. There's nothing you can do that amounts to more than a speed bump. (Even encryption can be defeated if the attacker can install a keystroke logger and come back later.)</p> I think they leave the root password empty because they want to discourage people from logging in as root. (Mac OS X uses the same strategy.) They’re big believers in sudo, for security reasons — if you walk away from a sudo session, the password expires and root access goes away. (Unless you cheat, as per the name of this website, and enter “sudo su” to get a root shell.) ;-)

Being able to boot into single user mode as root without a password isn’t as big a security problem as it appears at first. Even assuming you blocked single user mode, an attacker could just boot from a live CD like the Ubuntu Desktop disk and then access everything on your hard drive.

The security rule of thumb is that if someone has physical access to a computer, the game is over. There’s nothing you can do that amounts to more than a speed bump. (Even encryption can be defeated if the attacker can install a keystroke logger and come back later.)

]]> By: Luke http://blog.sudosu.net/2007/terminally-incoherents-linux-fuckup-of-the-day-using-single-user-mode-to-recover/comment-page-1/#comment-2361 Luke Tue, 26 Jun 2007 02:19:30 +0000 http://blog.sudosu.net/2007/terminally-incoherents-linux-fuckup-of-the-day-using-single-user-mode-to-recover/#comment-2361 Thanks for the tip! I didn't think of that. :) Btw, just out of curiosity - will the single user mode just dump you at a root console without any authentication if root password is not set? Because that would be a security issue - what is the point of locking my workstation when I leave my desk, if someone could easily hit the power button, boot in single user mode, and do just about anything with the machine. If this is what happens, then I'm glad that I set the user password immediately after installing the OS. Thanks for the tip! I didn’t think of that. :)

Btw, just out of curiosity – will the single user mode just dump you at a root console without any authentication if root password is not set? Because that would be a security issue – what is the point of locking my workstation when I leave my desk, if someone could easily hit the power button, boot in single user mode, and do just about anything with the machine.

If this is what happens, then I’m glad that I set the user password immediately after installing the OS.

]]>