Ability To Change Root User Password (Vulnerability?)

You pretty much hit the nail on the head when you said that you need physical access to the machine.

If you have physical access, you don't need to go through the official steps to reset the root password, as you can flip bits on the hard drive directly, if you know what you're doing. I.e., you can boot up a recovery OS from a DVD or flash drive, and mount the drive that way to gain complete read/write access to the entire disk.

Disk encryption will mitigate the risk, but doesn't remove it entirely*; it does make attacks much more complicated. It is best to assume that an attacker with physical access will be able to influence every aspect of the device in time.

Since it's assumed that attackers with physical access will always gain privileged account access eventually, there's little point in putting the legitimate administrators through extra trouble if they lost their password.

Every Linux distro that I have used has had this feature, though it's possible that some of the distros aimed at a more paranoid audience could disable this.

In addition, it's a standard feature in BSD Unixes, was tested for on the CCNA exam at least 15 years ago when I took it for Cisco devices, and it's fairly trivial to reset passwords on a Windows machine if it isn't explicitly secured.

* The attacker could for example add a backdoored kernel or initrd in the /boot directory, which needs to be unencrypted because the bootloader must be able to read the kernel and initrd files.
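A defender-side check for the scenario in that footnote, added here as an example and not part of the original answer: it records SHA-256 hashes of the files in an unencrypted boot directory and later reports any modified, missing or added kernel or initrd image. The boot directory, manifest path and file contents below are constructed for the demo; file names are assumed to contain no whitespace.

```shell
#!/bin/sh
# Integrity manifest for an unencrypted boot directory (constructed example).
# Usage: boot_manifest_create BOOT_DIR MANIFEST
#        boot_manifest_verify BOOT_DIR MANIFEST   (returns 0 only if unchanged)

boot_manifest_create() {
    boot_dir=$1; manifest=$2
    # Hash every regular file directly under the boot directory (kernel,
    # initrd, bootloader config). Paths are stored relative to BOOT_DIR.
    ( cd "$boot_dir" && find . -maxdepth 1 -type f | LC_ALL=C sort \
        | xargs sha256sum ) > "$manifest"
}

boot_manifest_verify() {
    boot_dir=$1; manifest=$2; status=0
    # 1. Every listed file must still exist with the recorded hash;
    #    sha256sum -c reports FAILED for modified or missing files.
    if ! ( cd "$boot_dir" && sha256sum --quiet -c "$manifest" ); then
        status=1
    fi
    # 2. No file may have been added behind the manifest's back, e.g. an
    #    extra kernel or initrd that the bootloader could be pointed at.
    tmp=$(mktemp)
    awk '{print $2}' "$manifest" | LC_ALL=C sort > "$tmp.listed"
    ( cd "$boot_dir" && find . -maxdepth 1 -type f ) | LC_ALL=C sort > "$tmp.present"
    extra=$(LC_ALL=C comm -13 "$tmp.listed" "$tmp.present")
    rm -f "$tmp" "$tmp.listed" "$tmp.present"
    if [ -n "$extra" ]; then
        printf 'UNEXPECTED FILE: %s\n' $extra
        status=1
    fi
    return $status
}

# Demo on a constructed directory standing in for /boot.
demo() {
    d=$(mktemp -d)
    mkdir "$d/boot"
    printf 'kernel bytes\n' > "$d/boot/vmlinuz"
    printf 'initrd bytes\n' > "$d/boot/initrd.img"
    boot_manifest_create "$d/boot" "$d/manifest"
    boot_manifest_verify "$d/boot" "$d/manifest" && echo "clean: OK"
    printf 'backdoor\n' >> "$d/boot/initrd.img"      # tamper with the initrd
    boot_manifest_verify "$d/boot" "$d/manifest" || echo "tampered: detected"
    rm -rf "$d"
}
demo
```

Run the verify step from a trusted environment (for instance the recovery medium mentioned above) with the manifest stored off the machine, since a kernel that has already been replaced can misreport the contents of its own /boot.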


How is this not a glaring security vulnerability?

It is. Physical access to your system is the ultimate vulnerability.

Is there a way to disable this 'feature' so that it cannot be changed from GRUB like this?

Can you do this in all other Linux distros as well? Or is this a Redhat exclusive ability?

Make yourself aware of what is happening here:

Your operating system is not even running yet when the attacker takes control of your system.

While GRUB comes packaged with Linux, it's not an integral part of it, and actually, the attacker could replace GRUB with some other bootloader without the OS being any the wiser.

So it's not as much about your OS being vulnerable. It's about your OS, any OS really, having been taken out of the equation.

Even if you have your hard drive encrypted, requiring the user to enter the password before the actual boot, with physical access to your system nothing keeps the attacker from e.g. installing a keylogger (hardware or software) to get that password the next time it is entered.

Since there is virtually no way to defend against an attacker with physical access to your machine, generic operating systems don't bother with making it hard(er) for an attacker with such privileges. You've already lost the fight at this point.

Someone with physical access is, effectively, a root user.