Storm worm gains strength

Posted Aug 30, 2007 19:24 UTC (Thu) by oak (guest, #2786)
In reply to: Storm worm gains strength by IkeTo
Parent article: Storm worm gains strength

> that program is under a sandbox that never include more than the
> combined power of the user and sandbox of that package.

So you would be only securing the system, not what the user has? (The user
doesn't care about the "system", they care about their own data, the data to
which they have access.)

> And people frequently see packages floating on the web, and many claims
> to do useful things that they want to do. And in most cases these claims
> turn out to be true. To the point that most people will trust that the
> thing they found will be among them, except they might be wrong.

And currently Ubuntu is educating users with its sudo system that whenever
anything pops up a "password" dialog, you're supposed to give it your own
password. And with that password the programs are able to do the same
things as root (with sudo). Secure, yeah...

Security by obscurity... "our system is more secure because it doesn't
have a well known root account name"... (It could be more secure if Ubuntu
would educate people to create a completely separate account for
administration.)



Storm worm gains strength

Posted Sep 1, 2007 8:42 UTC (Sat) by IkeTo (subscriber, #2122)

> So you would be only securing the system, not what the user has? (The user
> doesn't care about the "system", they care about their own data, the data to
> which they have access.)

Then they should. If the system itself is not secure, we don't have a basis to talk about data security. If the system is compromised, you can trust the system to recover from neither the system nor its data. If only user data is damaged you can still trust the system. Also, since distributions like Ubuntu empower users without much previous Unix experience or knowledge to install a Linux based system, it means they are in charge of the system, so there is no "system administrator" but themselves to keep the system in a secure shape. But how can distributions make sure their users are capable of doing so? The answer needs to be: By making it simple enough. Of course the user *also* cares about data security. That is very much the same argument, albeit much more difficult to provide without very much education.

> And currently Ubuntu is educating users with its sudo system that whenever
> anything pops up a "password" dialog, you're supposed to give it your own
> password. And with that password the programs are able to do the same
> things as root (with sudo). Secure, yeah...

I actually do not use an Ubuntu system regularly; I have installed one and used it for less than a week. So I don't perfectly know the security implications, even though I read a lot about it. On the other hand, popping up the password dialog is no longer unique to Ubuntu. Fedora does the same. The only difference is that they prompt for the root password rather than your own password.

So Fedora is more secure *because* it prompts for the root password instead of the user password? When does a Fedora (or even Debian!) system ask for a user password? What is the difference that the system trains the user to distinguish? The answer: a Fedora user is prompted for the user password only for (1) login, and (2) change user password. The system thus trains the user to distinguish system access and login/password changing. What a good deal... even the worst naive idiot can distinguish them! Bottom line, if a home user using Ubuntu can be tricked into typing his own password and installing a malicious .deb package, the same user having switched to Fedora can be tricked into typing the root password to install an equivalent malicious .rpm package.

My belief is that the system design should distinguish two types of activities that the user can be expected to do: (1) those that the users are expected to do from time to time and are easy to do, and (2) those that are hard enough to do that the user will never do casually. (1) should be safe enough that the action cannot jeopardize the system at all; and (2) should be rare enough that a casual user need not use them at all. Since Ubuntu (Debian, Fedora, whatever) is a system that allows third party packages, and their target is to make it easy, it is in class (1), so it means they should be rock solid. This is perhaps a big dream, but having a dream is better than having no dream.

