Let’s just say that I accidentally shot myself in the foot … sudo became unusable leaving me pretty much dead in the water. None of the ‘solutions’ I found on the Internet would work for me. I couldn’t even use Timeshift to restore a snapshot that had been made just a few hours before the mistake. In trying this and that, I managed to gain root access. I will not explain how I did it here in a public forum. I cannot believe that this hole in security is intended and it wasn’t all that hard to find. BTW - sudo is working again because of it. How can I report this safely?
Thanks, carmar. Done.
1 Like
Hi @JimH, thanks for your PM to me.
The Zorin OS Live system (when running Zorin OS from a USB drive) is able to access root without a password. This is normal behaviour for all Linux systems, and is what makes it possible for the installer and Boot Repair utilities to work on the Live system, as they require root privileges to work.
This only gives root access to someone with physical access to the computer, who is running Zorin OS from a USB drive on it.
If you are using Zorin OS and need the data on your computer to be protected from someone with physical access to the computer, I would recommend you to select the “Encrypt the new Zorin OS installation for security” option when installing Zorin OS. This will encrypt the entire disk, which will block any access to the Zorin OS partition for reading or writing data.
1 Like
Thanks, AZorin. In fact, I do not need to protect my machine so I will do nothing. It actually saved my goose because I could not run timeshift to undo my damage until after I discovered this entry point. I was just surprised.