0

When booting, I can get root access to my Ubuntu 18.04 system without authorization by booting into emergency mode, i.e. by taking the following steps:

  1. Boot the machine, and in the GRUB menu, press e to edit the commands before booting
  2. Search for the line starting with linux
  3. At the end of that line, delete $vt_handoff and add the systemd.unit=emergency.target
  4. Press ctrl+x to boot; you are now root.

This should not be possible, right?

P.S.: I guess this isn't possible if you disable the GRUB menu

PDiracDelta
  • 315
  • 1
  • 5
  • 14
  • This only works when you have physical access to the machine and because of that the behaviour is _not_ considered a security flaw. – PerlDuck Jul 31 '18 at 10:40
  • 1
    See [_Can anyone with physical access to my computer access my files?_](https://askubuntu.com/q/712829) and [_How to secure my laptop so that hacking by physical access is not possible?_](https://askubuntu.com/q/676545), for example. – PerlDuck Jul 31 '18 at 10:46
  • Well OK, so a password is just for distracting non-tech-savvy people? I can live with that but I must say this comes as a big surprise to me. – PDiracDelta Jul 31 '18 at 10:54

1 Answers1

2

Yes and no. If you go in that direction, then the next statement is "Well, you can password protect grub", then the reply is "But then you can yank the drive and slave it in to something else". Then, "Should have used full disk encryption", and the reply is "cold boot memory scrapers". It goes on and on.

End result being, if you can touch it - you can make it yours. So, everything is operating as designed. Rescue mode without a password is by design and partially your fault for not putting in/setting a grub password.

RobotHumans
  • 29,190
  • 4
  • 76
  • 114