Score:1

Why does Ubuntu recovery allow root access by default

fi flag

Ubuntu disables password based root login by default. That seems like it results in being able to boot into recovery and drop into a root shell without needing to provide a password, from where you can then give yourself access to the system.

Am I missing something or is that a vulnerability in the default install that allows you to bypass needing an account password?

FedKad avatar
cn flag
Your question is not clear. But, _as long as the boot disk containing the `/etc/passwd` file is not encrypted_ and you have physical access to the system or boot disk, you can always give yourself "root" access.
muru avatar
us flag
And also: https://askubuntu.com/questions/842070/how-is-being-able-to-break-into-any-linux-machine-through-grub2-secure
user535733 avatar
cn flag
If they have physical access, there are LOTS of ways to bypass login. Example: Plugging in a LiveUSB.
Score:0
ng flag

Yes, someone with physical access to your device would be able to do whatever they like with it unless you are using full disk encryption. This is true for any unencrypted device.

Even with full disk encryption, someone with physical access could manipulate boot instructions or wipe the hard drive.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.