Skip to main content

cherrypick - Link to source

I think I found a security bug in Linux Mint.

Install Linux Mint 22 (Cinnamon) with password requirement to sign in. Using the GUI have Mint update. Reboot. Confirm that you need a password to use sudo (you do).

In the "start menu" (app menu), open "Users and Groups" and create another administrator. Note there is no option to require password sign in, but that is not the greater issue.

Log out, log in as your new user. Open "Users and Groups" again. Delete the 1st user. Reboot.

Guess what, you never need a password, ever again. You can right click and run as root anytime you want, you can run sudo anytime you feel like it. No passwords or prompt warning you of your actions. Install any random DEB file without any prompt.

You're basically root.

#Linux #Mint #LinuxMint #Security

screenshot of the user and group app, showing no options other than if you want to be user or admin, plus what name do you want to use.
#Linux #security #mint #linuxmint
in reply to Linux Is Best

Linux Is Best
cherrypick - Link to source
Linux Is Best

Microsoft Windows has better security protection than Linux Mint.

Do yourself a favor, if you're going to use Linux for the 1st time, install Ultramarine Linux (Kde Plasma edition). You'll be safer.

#Ultramarine #UltramarineLinux #Mint #LinuxMint #MintLinux #Linux #Windows #Microsoft

#Windows #Linux #microsoft #mint #linuxmint #ultramarine #ultramarinelinux #mintlinux
in reply to Linux Is Best

Matt Chambers
mastodon - Link to source
Matt Chambers
Ummmmm, can you cite something that shows what you say is true?
in reply to Matt Chambers

Linux Is Best
cherrypick - Link to source
Linux Is Best
How would you cite something you discovered? I can technically record a video, I guess. -- Be right back.
in reply to Linux Is Best

Linux Is Best
cherrypick - Link to source
Linux Is Best

In this video, I quickly created oz3, logged out, and the 1st thing I do after switching users is run, "sudo apt update" without any password.

Note: Video will be DELETED in a few hours. I am not going to keep it up forever.

in reply to Linux Is Best

Linux Is Best
cherrypick - Link to source
Linux Is Best

Screenshot shows a simple "who am i" command and also what group Linux Mint gave me from making the new user.

#LinuxMint #Mint #MintLinux #Security

who am i, says I am oz2. sudo groups oz2 without needing a password reports oz2 : oz2 sudo nopasswdlogin
#security #mint #linuxmint #mintlinux
in reply to Linux Is Best

Avoca
mastodon - Link to source
Avoca

Is this actually a Security Bug?

As far as I know, it is only 'highly recommended' to use a password/second user(other than Root) in the first place rather than an absolute requirement.

I think all you have done is restore your install of Linux to it's original state. The fact you needed the password to login means it's secure from boot.

Interesting though. I'll be keen to see the vox pop feedback on this.

#Linux #LinuxMint

#Linux #linuxmint
This entry was edited (1 year ago)