How come Trisquel doesn't have recovery mode?

17 replies
aviramof
Offline
Joined: 02/27/2011

I have just installed Trisquel 4.5 and I have noticed that there is no recovery mode. Why is that?

Thanks in advance.

aviramof
Offline
Joined: 02/27/2011

P.S. And how come it didn't copy my favorites from Windows like normal Ubuntu does?

ruben
Offline
Joined: 09/24/2010

> I have just installed Trisquel 4.5 and i have noticed that there is
> no recovery mode why is that?

That would allow anyone with physical access to your computer to log in
as root, with no password. That makes no sense. If you need to do some
recovery, you can add the parameter "single" to the standard grub entry,
which by the way is protected against editing by a password. The
password is randomly generated during install, and is stored (and
readable by root only) at /etc/grub.d/01_PASSWORD

Please someone add this to the wiki.
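
Added example (not part of the thread and not Trisquel's own scripts): a shell audit of a generated GRUB 2 configuration for the lock-down described in the post above, meaning a password-protected menu and no entry that boots straight into single-user mode. The function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# audit_grub_cfg FILE -> prints findings; returns 0 only if no FAIL was raised.
audit_grub_cfg() {
    cfg=$1; rc=0
    # Entry editing and the GRUB shell are restricted only once superusers is set.
    grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$cfg" ||
        { echo "FAIL: superusers not set, anyone at the console can edit entries"; rc=1; }
    # A superuser without a password directive cannot authenticate anything.
    grep -Eq '^[[:space:]]*password(_pbkdf2)?[[:space:]]' "$cfg" ||
        { echo "FAIL: no password or password_pbkdf2 directive"; rc=1; }
    # A plaintext directive makes file permissions the only protection.
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$cfg"; then
        echo "WARN: plaintext password directive, file must not be world-readable"
    fi
    # Kernel lines that already boot to a root shell defeat the password.
    if grep -Eq '^[[:space:]]*linux[[:space:]].*[[:space:]](single|recovery)([[:space:]]|$)' "$cfg"; then
        echo "FAIL: a menu entry boots single-user/recovery mode"; rc=1
    fi
    return $rc
}

# group_other_locked FILE -> 0 if group and others have no permission bits.
# (Ownership by root must be checked separately on a real system.)
group_other_locked() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample configs (not taken from a Trisquel installation).
sample_locked() {
    cat <<'EOF'
set superusers="root"
password root CONSTRUCTED-PLACEHOLDER
menuentry 'GNU/Linux' {
    linux /boot/vmlinuz root=/dev/sda1 ro quiet
}
EOF
}
sample_open() {
    cat <<'EOF'
menuentry 'GNU/Linux' {
    linux /boot/vmlinuz root=/dev/sda1 ro quiet
}
menuentry 'GNU/Linux (recovery mode)' {
    linux /boot/vmlinuz root=/dev/sda1 ro single
}
EOF
}
```

On an installed system, run `audit_grub_cfg` as root against the generated config (typically /boot/grub/grub.cfg) and `group_other_locked` against every file that holds the password.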

Magic Banana

Offline
Joined: 07/24/2010

But someone with physical access to the machine can plug in a USB live system and read and edit everything (as long as the data are not encrypted) including /etc/grub.d/01_PASSWORD (if she wants to reboot on the regular system). So it does not really increase the security... Am I wrong?

ruben
Offline
Joined: 09/24/2010

> But someone with a physical access to the machine can plug a USB live
> system and read and edit everything (as far as the data are not
> encrypted) including /etc/grub.d/01_PASSWORD (if she wants to reboot
> on the regular system). So it does not really increase the
> security... Am I wrong?

That would be if the BIOS is not properly configured, something we can
do nothing about.

Magic Banana

Offline
Joined: 07/24/2010

With physical access to the machine, you can reconfigure the BIOS to boot your Live system. Even with a BIOS password, it is a matter of removing the battery on the motherboard. It is true that it may prevent "Joe Sixpack" from accessing the files but it is not really security. The real security would be to encrypt the disk.

ruben
Offline
Joined: 09/24/2010

> With a physical access to the machine, you can reconfigure the BIOS
> to boot on your Live system. Even with a BIOS password, it is a
> matter of removing the battery on the mother card.

You can also hit it with a hammer. Those kinds of things are outside the
scope of the operating system, and would need to be taken into account
by the system administrator anyway. What *we* can do is close a huge
backdoor in *our* *software* that provides no extra functionality.

The default setting would be enough for a school or enterprise
deployment by only configuring the BIOS and locking the case, which are
common practices in such environments.

Magic Banana

Offline
Joined: 07/24/2010

Well, an easy way to change your password if forgotten is an extra functionality. In this case, the user will have to go through what an attacker would do: burn a Live system, reconfigure the BIOS to boot it, read GRUB's password and edit GRUB's menu. Nothing hard and that is my point: no extra security is provided (unless you encrypt the disk) given local access to the machine. Nevertheless I understand your point: the alpha student/employee will not attempt to boot a Live system (if he/she even knows what it is!). However the alpha Trisquel user, who lost her password, will not either...

ruben
Offline
Joined: 09/24/2010

> I understand your point: the alpha
> student/employee will not attempt to boot a Live system (if he/she
> even knows what it is!).

No you don't. Any student/employee would only be able to run a live
system if the administrator is dumb enough to leave the BIOS untouched.
If however the BIOS is properly configured and the case is (as it
should be) tamper-proof, there would be nothing in Trisquel helping the
user become root.

It is funny to see this complaint, because I'm sure if Windows provided
a way to become administrator just by selecting it in the boot menu,
everyone would be mocking them -more-.

Magic Banana

Offline
Joined: 07/24/2010

But given physical access to the machine, you can reconfigure the BIOS. A BIOS password makes it harder (you need a screwdriver) but not impossible. And the problem is the same whatever the OS. There is no real security unless you lock the computer (no physical access) or unless you encrypt the disk.

Ark74

Offline
Joined: 07/15/2009

On Mon, 28 Feb 2011 01:19:15 +0100 (CET), name at domain wrote:
> But given a physical access to the machine, you can reconfigure the
> BIOS. A BIOS password makes it harder (you need a screwdriver) but not
> impossible.
>
> And the problem is the same whatever the OS. There is no real security
> unless you lock the computer (no physical access) or unless you encrypt
> the disk.

At the beginning of the topic you asked why there was no recovery mode on
Trisquel.
I would like to ask, why would you want recovery mode if it would be so
much easier to break the security in a way that doesn't involve screwdrivers?

Recovery mode will always need the use of the root user, right?
--
Luis A. Guzmán García
http://ark.switnet.org
¡Se Libre! -- http://fsfla.org/selibre/
The Hardware Database Project -- http://www.h-node.com

Magic Banana

Offline
Joined: 07/24/2010

Well, first of all, that was not me who asked that. Then, I have already explained an obvious use of a recovery mode: a lonely lambda user of Trisquel (probably most of Trisquel's users), who forgot her password, can easily change it with Taranis. With Slaine, because of the apparent impossibility of booting the system, and for lack of knowledge (she is not an IT professional), she may instead go through a re-installation (and potentially lose her data). There probably are other use cases for a recovery mode.

In the case of a company/university, there is a professional taking care of the system. If she wants real security on the system, she will either lock the computer or encrypt the disk. If she thinks none of the users will ever bother opening the computer box to access the system, she may only remove the recovery line from GRUB's menu, set a password on it and another one to edit the BIOS configuration (specifying that no external disk would be able to boot). Contrary to the previous case, she is a professional. She can do that.

ruben
Offline
Joined: 09/24/2010

> I have already
> explained an obvious use of a recovery mode: a lonely lambda user of
> Trisquel (probably most of Trisquel's users), who forgot her
> password, can easily change it with Taranis.

First, Taranis doesn't have a recovery entry either. Second, I also
explained already why your claim makes no sense: if you can forget your
password and still log into the system (as root!), something is wrong.

Magic Banana

Offline
Joined: 07/24/2010

We have a circular conversation (so I will stop answering after this post). Let me try to make my point again:

Security is about preventing the bad guys from reading/editing the data. It is not about preventing a legitimate user from using/repairing her own system. Given a password on both GRUB and the BIOS you make it a little harder (need for a screwdriver) for the attacker who has physical access to the machine. But it remains a matter of minutes: 1) remove the motherboard battery, 2) plug in a live USB system, 3) mount the partition, done. An administrator who is serious about security will either lock the computer (no physical access) or encrypt the disk (and that is not Trisquel's default). Even if this administrator believes it is enough to set a GRUB password, she should know how to do that. It is her job after all! In contrast, the lambda user that apparently cannot log into her system (e.g., she suddenly needs data on her old computer but she forgot her password) may just abandon these data. As far as I understood, Trisquel targets lambda users (individuals and small enterprises) too. Besides the loss of the password, the recovery mode may be useful to the lambda user when a partition is full, when the /home partition is corrupted, etc. I understand that an Edu edition would default with a BIOS password... and it should also default with encryption.

BTW: I have the recovery lines on Taranis. Is it because it was upgraded from the previous version?

ruben
Offline
Joined: 09/24/2010

> We have a circular conversation (so I will stop answering after this
> post).

So will I.

> The security is about preventing the bad guys from reading/editing
> the data. It is not about preventing a legitimate user to use/repair
> her own system.

Legitimate users have a password.

> Given a password on both GRUB and the BIOS you make
> it a little harder (need for a screwdriver)

If a screwdriver is needed, then it is not software related, we can do
nothing about it. But as per the software we distribute, we will make
it as secure as possible.

> In contrast, the
> lambda user that apparently cannot log into her system (e.g., she
> suddenly needs data on her old computer but she forgot her password)
> may just abandon these data.

You are still failing to realize that your suggestion is plainly "let
anyone log in with full privileges without a password or even a user".

> As far as I understood Trisquel targets
> lambda users (individuals and small enterprises) too. Besides the
> loss of the password, the recovery mode may be useful to the lambda
> user when a partition is full, when the /home partition is corrupted,

I have no idea what a lambda user is, but you can do any fixing with
the live CD, usually the same one used for installing the system.
I'm not going to change this setting, and that is final.

> BTW: I have the recovery lines on Taranis. Is it because it was
> upgraded from the previous version?

Yes.

Magic Banana

Offline
Joined: 07/24/2010

Let us say that I am not answering... just letting the GRUB documentation talk:
"By default, the boot loader interface is accessible to anyone with physical access to the console: anyone can select and edit any menu entry, and anyone can get direct access to a GRUB shell prompt. For most systems, this is reasonable since anyone with direct physical access has a variety of other ways to gain full access, and requiring authentication at the boot loader level would only serve to make it difficult to recover broken systems.

However, in some environments, such as kiosks, it may be appropriate to lock down the boot loader to require authentication before performing certain operations."

That is what I call a lambda user: not a kiosk and not a university (in these cases, there is an administrator that should know what to do).

Ark74

Offline
Joined: 07/15/2009

On Sat, 12-03-2011 at 20:15 +0100, name at domain wrote:
> Let us say that I am not answering...
lol xD
