Bug 457627 - Access to root on boot before password request
Access to root on boot before password request
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: grub (Show other bugs)
9
All Linux
low Severity low
: ---
: ---
Assigned To: Peter Jones
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-08-01 17:56 EDT by Chris Jones
Modified: 2008-08-04 03:17 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-08-04 03:17:35 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Jones 2008-08-01 17:56:33 EDT
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. Press any key to stop grub from starting the default kernel.
2. Press 'a' to edit the line.
3. Add to the end of the line ' single' ([Space] single but you know that)
4. Press enter and wait. 

Actual results:
Just after it has mounted the file system, it loads up in the shell as root
without having to type in a password.

Expected results:
Expected to type in my 2 pass codes for the encrypted partitions then load
everything and boot in text mode. login to a user in normal text mode.

Additional info:
I have the root and home partitions encrypted so I had to typed those pass codes
in first befor it booted into the shell as root.

I am using the 2.6.25.11-97.fc9.i686 kernel.
Comment 1 Tomas Hoger 2008-08-04 03:17:35 EDT
Chris, this is not a grub flaw, it's rather well-known behavior in all current and previous Fedora / Red Hat Enterprise Linux / Red Hat Linux versions.  If you want to block attacker with physical access from booting to a single user mode, you should password-protect your grub configuration.

As you also noted, in case of encrypted disks, you need to know encryption passwords to get root access.

If you want to see the password prompt even in single user mode, you'd have to file RFE bug against initscripts, as that's the place where such prompt may be added.  grub is very unlikely to ever have such feature (it's just not its purpose).

Note You need to log in before you can comment on or make changes to this bug.