|
|
Subscribe / Log in / New account

GNOME 3.4 released

GNOME 3.4 released

Posted Mar 28, 2012 21:32 UTC (Wed) by Pawlerson (guest, #74136)
In reply to: GNOME 3.4 released by elanthis
Parent article: GNOME 3.4 released

I didn't know the system with the holes being open since a dos era can be more secure. I also don't get it how the system that doesn't get updates to security holes in hours, but months can be more secure. I also don't understand how it is possible 100 holes can make you more secure than 10? Rather than spreading FUD would you be so nice and enlighten me?

http://www.h-online.com/security/news/item/Study-analyses...

to post comments

GNOME 3.4 released

Posted Mar 29, 2012 7:26 UTC (Thu) by imgx64 (guest, #78590) [Link] (10 responses)

This sort of condescending attitude isn't very productive, is it? Just because Windows is less secure than Linux overall, doesn't mean we can't learn a lesson or two from it.

So, is there a way, when I sit on a computer, to know that I'm entering my password in XDM and not in some other program a malicious user ran?

GNOME 3.4 released

Posted Mar 29, 2012 15:43 UTC (Thu) by cortana (subscriber, #24596) [Link]

alt+prtsc+k, I believe. But it's only suitable for logging in, and not for unlocking your session, because when you press it it kills everything in the current virtual console, and relies on init (or some other daemon) restarting a trusted instance of the login/?dm.

GNOME 3.4 released

Posted Mar 29, 2012 15:52 UTC (Thu) by dgm (subscriber, #49227) [Link] (4 responses)

> So, is there a way, when I sit on a computer, to know that I'm entering my password in XDM and not in some other program a malicious user ran?

Well, let's go bit by bit.

1. Ctrl-Alt-Del is only a relatively safe. The code that handles it is secure only because it belongs to the Windows kernel, but it resides in a file on the filesystem, and in memory addressable by code running in ring-0. So any exploit that gives you write permissions for that file, or ability to run ring-0 code (install a driver) can allow you to subvert it. Unfortunately there's a TON of such exploits, so I guess this only serves to prevent wannabe hackers and pranksters.

2. Is your login the only password you type on your computer? I bet not. What about all those? Depending on the software you use and web sites you vist it can be a considerable number of passwords entered. And probably those include the ones a malicious program would really be interested in, actually.

3. And yes, there is: configure your XDM so that it looks different from the default. Don't forget to mark the configuration files to be only readable by root.

GNOME 3.4 released

Posted Mar 29, 2012 16:48 UTC (Thu) by abo (subscriber, #77288) [Link] (2 responses)

None of which is a valid argument against implementing similar functionality in GNU/Linux/X/GNOME, preferrably using the same key combination. It makes a whole lot of sense.

GNOME 3.4 released

Posted Mar 29, 2012 21:46 UTC (Thu) by blujay (guest, #39961) [Link] (1 responses)

Eh, I'm not so sure. If malware can inject itself like that, it can already have its way with your data and run whatever code it wants. Would it really need to escalate to root?

I hate having to press Ctrl+Alt+Del to log in. It's an awkward, two-handed chord, and Windows uses it as a crutch because of its inferior security model. Sure, if Linux had such a system from the kernel up through X, it'd be a tiny bit more secure--but with the fundamentally more secure model, and by using trusted binary repositories, I don't think it's necessary. Besides, what are you going to do, press Ctrl+Alt+Del every time you have to type your password? Ugh!

BTW, SELinux on Ubuntu works quite well with Firefox. I can't vouch for how well it stops exploits, but it's there, and is kept up-to-date by Ubuntu.

GNOME 3.4 released

Posted Apr 7, 2012 6:09 UTC (Sat) by abo (subscriber, #77288) [Link]

I agree with all of that, but it's still useful in cases where you let untrusted run with full screen access (webapp/flash, remote desktop etc) and with multi-user machines (you trust the admin but not all the other users).

GNOME 3.4 released

Posted Mar 30, 2012 1:49 UTC (Fri) by cortana (subscriber, #24596) [Link]

In a Windows setting where you use Ctrl+Alt+Delete (workstation joined to a Windows domain), the only password that matters _is_ the user's password. In this setup, this password gets you access to everything via Windows Integrated Authentication (basically kerberos).

GNOME 3.4 released

Posted Mar 29, 2012 16:31 UTC (Thu) by Pawlerson (guest, #74136) [Link] (2 responses)

This sort of condescending attitude isn't very productive, is it? Just because Windows is less secure than Linux overall, doesn't mean we can't learn a lesson or two from it.
Yes, you are right, but I know the person I was replying to. The problem is every argument falls on deaf ears in this case and the FUD is being spread. ;)

GNOME 3.4 released

Posted Apr 5, 2012 12:21 UTC (Thu) by elanthis (guest, #6227) [Link] (1 responses)

> Yes, you are right, but I know the person I was replying to. The problem is every argument falls on deaf ears in this case and the FUD is being spread. ;)

You absolutely do not know me, in the least. You have never met me, never had a conversation with me, and couldn't guess my motivations or beliefs to save your life.

That said, there's no FUD here. Windows is more secure in that it offers user-facing security features that Linux never has. There's absolutely no argument here. Sure, maybe Windows -- offering tons of features and subsystems that the Linux desktop does not -- has more lines of code and hence more places for mistakes to be made is truth, but that's entirely different than the _design_ of Windows being one focusing on desktop security, where as Linux focuses on ancient POSIX-compatible time-shared system security.

On the desktop, security is not "user A cannot negatively affect user B." On the desktop, security is "user A accessed something that could find a hole in random application he's using, but that still shouldn't negatively affect user A."

Linux has almost no solution here, besides adding SELinux (only even used on one major-ish distro) and some weak sand-boxing. Windows has numerous features that help to ensure that even if the sand-boxing mechanisms (which, according to more than a few places, are more complete and secure on Windows than on Linux) are broken, the conscientious user still has means to do a basic sanity test of the screen he's staring at.

Yes, the Windows mechanisms can be hacked by modifying Windows, but then the same can be said about Linux. I've seen root-kit'd Linux systems. They're a thing. Maybe you're not aware.

But hey, claim you know me, say that basic facts are "FUD," and then try to discredit me. That's the kind of response reasonable people expect out of folks who make emotional -- rather than logical -- attachments to technology, and isn't doing "your side" (which I'd say I'm on; I don't post here just to make fun of people, but rather to point out the dumb things that the Linux community could be doing better with) any favors. :(

GNOME 3.4 released

Posted Apr 5, 2012 16:33 UTC (Thu) by khim (subscriber, #9252) [Link]

That said, there's no FUD here.

Oh, but there is. Right here:

Windows is more secure in that it offers user-facing security features that Linux never has.

Security can not be measured by counting features. In fact often additional features make security worse, not better. Windows ACL model is quite powerful and convenient, but I'm not sure it offers better security. It's complexity is it's worst enemy. When I try to remove SYSTEM-owned file in FAR from Administrator account it explains to me that it can not be done. Unless I'll give permission agree to “try harder” - then it repeats with DEBUG permissions and file is gone. That's not security, that's snake oil.

That's entirely different than the _design_ of Windows being one focusing on desktop security.

Windows is designed for convenience, not for security. Sure, Windows NT was designed with some good security ideas in mind, but when it become obvious that they hurt performance and usability most of them were abandoned and subverted.

Only after huge outcry when totally insecure design of Windows XP (let's not even talk about Windows 9X, ok) created plethora of malware Microsoft started adding features which can provide real security on desktop. Some of them are genuinely useful, some are more of snake oil.

Linux has almost no solution here, besides adding SELinux (only even used on one major-ish distro) and some weak sand-boxing.

Actually seccomp sandboxing can be quite robust, but hard to use. There are interesting development in this direction under Linux which makes it more useful.

But hey, claim you know me, say that basic facts are "FUD," and then try to discredit me.

FUD education 101:
Basic fact: in Windows you can do X, Y and Z, in Linux it's impossible.
FUD: Windows is super-hyper (according to more than a few places), Linux is meh (according to more than a few places).

Where are your facts?

Here is an example of your “fact”:

On Linux, there's basically no way to be sure that the screen you're looking at is really your desktop or admin panel or whatever and not some other malware that injected itself via the a hole in the non-sandboxed Firefox processes Linux users are still primarily using as their Web browsers.

First of all it mixes the issues (Chrome uses pretty robust sandbox on Linux), then it includes true statement (yes, Windows's Ctrl-Alt-Del is pretty robust protection against some kinds of attacks) but omits an important detail (in Windows Vista and above you don't need to press Ctrl-Alt-Del before you'll be asked to enter Admin's password).

The sad truth is that Ctrl-Alt-Del was useful security feature in Windows NT 3.1, but over time Microsoft worked long and hard to make it less and less useful. Today Microsoft have trained users to enter password after screen “flash” instead of doing it after Ctrl-Alt-Del. Which turned Ctrl-Alt-Del from genuine protection to snake oil security.

This “fact” is FUD, plain and simple. Good, high-quality FUD (it includes genuinely true statements and lies mostly by omission), yes, but it does not make it less FUDish.

GNOME 3.4 released

Posted Apr 3, 2012 7:35 UTC (Tue) by lindi (subscriber, #53135) [Link]

Very good question. I've been searching for a solution for quite some time.

If you just want to login securely then the best solution is to bind some key to just restart your display manager. My own prototype for this is

http://lindi.iki.fi/lindi/git/xsakd.git

but the idea is simple: it is just a daemon that reads /dev/input/by-path/platform-i8042-serio-0-event-kbd so there is no way to inject a fake key press programmatically. I wrote this to test how to make a variant of sudo that would not expose my password to all X clients:

http://lindi.iki.fi/lindi/git/sido.git/


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds