I just found out that in order to have full acess to a kubuntu system, and all the files on it without ever entering a password, all you have to do is boot into failsafe mode and poof full acess. WTF is with that? Thats worse security than win98. Is there some way to fix this, or am I going to have to stop using kubuntu?
-
-
Re: No security in kubuntu?
Interesting. What is failsafe and how do you boot into it? -
Re: No security in kubuntu?
Its a minimal boot mode, simler to safe mode in windows. When the grub auto booter comes up hit the esc button when it says and you can chose to book into it.Originally posted by EmerzenComment
-
Re: No security in kubuntu?
EDIT: I think you're referring to Recovery Mode. Failsafe Mode is a different thing under the Session Type in the login screen.
This all presumes one thing: that the person who intends to harm your system has physical access to your computer. Once he/she has physical access, no amount of protection will be enough to save you.Comment
-
Re: No security in kubuntu?
I thought you had to login to a terminal in Recovery Mode? It's been awhile and I can't remember though. You can have a password set for GRUB to prevent this at the physical location of the computer though.Comment
-
Re: No security in kubuntu?
If there's a physical access to the machine you can get root access without a password regardless of the distribution (or OS)Originally posted by morikaweb
You can have recovery mode ask for a password (if you set a root pw), but it won't protect against adding boot options to grub to get root access.
If you set a grub password anyone with a LiveCD can get root access.
If you set a bios password to prevent booting from other media, anyone with a screwdriver can reset the bios or take the drive with them etc.
If you need to 'protect' your computer from local access, a good bios password is good for most practical purposes...you can also use encryption.
You can easily reset a forgotten password with the recovery mode as it is in (k)ubuntu...asking for a root password for recovery mode is not exactly a security risk as it is very easily overidden (with boot options or a livecd)
Comment
-
Re: No security in kubuntu?
one word...knoppix
as mentioned...if someone can touch your computer...they can do what they want with it no matter what...through any number of methods...Comment
-
Re: No security in kubuntu?
Fail safe is an option at login page i.e. KDE, Default and Failsafe. You still have to have the users password to login to failsafe mode. Recovery mode is an option at the grub boot menu which puts you at a shell prompt. You still need sudo at that point.
edit:
Yep, just tried it. Without the users password you cannot login to failsafe mode,
or KDE or Default.I tried Enlightenment once, it was pretty cool.Comment
-
Re: No security in kubuntu?
Yup...but the original poster is talking about the recovery mode, just a mix-up with the terminologyOriginally posted by bootdoc
The recovery mode opens up a root terminal...and it only asks for a root password if one is set up (otherwise you couldn't get into the recovery mode)Originally posted by bootdoc
But as I mentioned earlier...asking for a root password for the recovery mode offers very minimal protection (perhaps it protects from kids under the age of 5), but it isn't actually a security featureComment
-
Re: No security in kubuntu?
If security is truly an issue for you, try data encryption. Either encrypt individual files, or encrypt your entire drive.
See http://www.gnupg.org/ and http://www.gnupg.org/gph/en/manual.html
And as far as someone getting physical access to your laptop, if you're that careless with it, you're an ideal candidate for a job with the federal government
Comment
Comment