Hi,

When I was repartitioning my HD and booting a USB flash drive, I found
what may be a security flaw with sudo.  This problem might not affect
computers with Linux installed so this might not be a problem.  It goes
as follows...

I booted off the USB flash drive and opened a terminal window.  Once I
got a command line I entered "sudo gparted".  Next sudo asked for a
password.  Since I didn't use any password when making the bootable
Linux flash drive, I pressed <ENTER> without typing anything in.  Sudo
accepted it and gparted started.

Do we really want to allow root access when booting to a flash drive?
Maybe when booting from a USB drive or a CD-ROM, sudo should match the
root (sudo) password that is on the Hard drive.  Of course, since I did
not have Linux installed yet, in this case sudo acted appropriately.

Bill Stanley

--
ubuntu-users mailing list
ubuntu-users@list...
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users