Press Backspace 28 times: Pwn Unlucky Linux Systems Running GRUB

Accepted submission by gewg_ at 2015-12-18 04:05:52
Software

from the didn't-mean-to-leave-that-in-there dept.

El Reg reports [theregister.co.uk]

A pair of researchers from the University of Valencia's Cybersecurity research group have found that if you press backspace 28 times, it's possible to bypass authentication during boot-up on some Linux machines.

The problem's not a kernel nor an operating system problem, but rather one in the very popular bootloader Grub2 [ubuntu.com], which is used to boot an awful lot of flavours of Linux.

Essentially, if you enable Grub2's password protection during system startup, it won't do you much good--it can be easily defeated. (Luckily, the vast majority of distributions of Linux do not enable this by default.)

As Hector Marco and Ismael Ripoll explain in an advisory [hmarco.org], hitting the backspace key 28 times at the [username prompt of the GRand Unified Bootloader] during power-up will produce a "rescue shell" under Grub2 versions 1.98 (December, 2009) to 2.02 (December, 2015).

[...] The researchers have also cooked up a fix, available here [hmarco.org].

