Re: sudo without password
- From: Florian Diesch <diesch@xxxxxxxxxxxxx>
- Date: Thu, 15 Jun 2006 03:17:35 +0200
Alan McKinnon <alan@xxxxxxxxxxxxxxxxxxx> wrote:

> On Tuesday 13 June 2006 02:09, Florian Diesch wrote:
>> Alan McKinnon <alan@xxxxxxxxxxxxxxxxxxx> wrote:
>>> Which raises the question: what _will_ work? I believe this
>>> question needs some attention and a solution now, before the
>>> malware problem hits Linux in a big way (which it surely will).
>>
>> As long as Windows is such an easy target I don't think this will
>> happen.
>> And malware needs critical bugs that aren't fixed for some time or
>> a bad user interface design that makes it easy to fool the user
>> about what's happening or make him ignore warnings. In both cases
>> Ubuntu is much better than Windows.
>
> Agreed, but Ubuntu is also not immune to this either. What started
> this off was a question about whether a trojan could watch for the user
> running sudo, then piggyback on it while the ticket was still valid.

This is quite easy, just add

    while echo|sudo -S something_evil; do sleep 5; done

somewhere so it's executed by the window manager.

> Now, I'm all for strong walls, but I'd like additional defenses if a
> trojan does get through.

<nitpick>
The trojans are the good ones, the bad ones are the Greeks inside the
trojan horse.
</nitpick>

> Or put another way, the magic dwarf doors keep the 800 pound cave
> troll out of Moria, but IF it does get through the door via the air
> shaft I'd like a bit more firepower to hand than just Aragorn's sword.

But do you really feel better if you have a magic ring that glows when a
troll grunts and offers you to stop the troll grunting?

>>> We know that popup dialogs ala ZoneAlarm are better than nothing,
>>> but
>>
>> IMHO they are much worse than nothing as they interrupt people's
>> work and teach them to click on everything that's not fast enough
>> to go away.
>> Most normal users just don't have the knowledge to decide whether a
>> program should be allowed to open a network connection or listen to
>> incoming connections so they just say "Yes".
>> If your system is infected by malware it's too late. The way to go
>> is to prevent the infection.
>
> I hear your logic but I think it's faulty. No defense is impenetrable,
> and if it is penetrated, many users won't know about it. Additional
> effort expended to contain possible damage once the defenses are
> breached is a good thing imho.

Yes. But popping up some dialogs doesn't help much I think. But it
annoys the user and makes him click on popups without reading or it
gives him the wrong impression that he has stopped the malware by
clicking on the "No"-Button.

This is not a second line of defense, it's just some kind of intrusion
detection. The problem with every kind of IDS is that it requires the
user to know what's normal and what may indicate an intruder. An IDS is
a very useful tool for an advanced user but pretty useless for Joe
Normaluser.

A better second line of defense may be using some kind of jails for
programs like web browsers or to give them very restricted privileges so
they can't access anything they don't need for doing their work.

>>> are easy to ignore. We know that Ubuntu can easily install a
>>> well-configured system suitable for a desktop, but the Achilles
>>> heel is stuff installed afterwards.
>>
>> People should know that it may be dangerous to install stuff from
>> obscure sources. They should know that most of the software they
>> want is available from their distribution.
>
> Requiring that is like asking them to take ZoneAlarm seriously and
> read all the dialogs for ever more. You can't have it both ways, if
> they ignore the firewall they will ignore your warnings about not
> installing trusted programs. If their friend Joe sends them a trojan
> in an email, they will install it. Why? Because Joe is
> *trusted* therefore the software he sent must be trusted, right?

So if the user is the weak link your security model should not depend on
asking the user questions. If you don't want to allow every program to
open network connections use SEL or similar that allows you to control
this.
Of course this can't prevent a program from *sending* information as for
this it can just use a program the user works with, maybe by installing
a malicious firefox extension.

> Us geeks find this hard to grok, as the user makes assumptions that we
> think are idiotic. I talked to a bunch of users once about this and
> realized that very few of them had ever considered that the computer
> could be running trojan code in the background. Their viewpoint: "How
> can the computer possibly be sending out 10,000 spam emails a day? I
> didn't click on anything that sends mail!"

I do know enough "just office and internet" users to know that security
has to work without asking them questions they don't understand.
My mother is pretty good in using email and Word (when she started to
use a computer a few years ago Linux just wasn't ready for her) but
every time something unexpected happens my phone rings.

IMHO good usability means not to ask questions unless it's really
necessary (or the user wants to be asked).

Florian
Florian
--
<http://www.florian-diesch.de/>
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
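
A defensive check for the ticket reuse discussed in this message, as an added example that is not part of the original post: it reads sudoers text and reports whether a cached ticket exists for a background process to reuse. `timestamp_timeout` and `timestamp_type` are sudoers options; the function name and both sample fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report sudoers settings that
# decide whether a cached sudo ticket can be reused without a password.
# Reads sudoers text on stdin. Only global "Defaults" lines and NOPASSWD
# tags are evaluated; per-user/host Defaults and included files are not.
audit_sudo_tickets() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blanks
        /^[ \t]*Defaults[ \t]/ {
            # timestamp_timeout is in minutes; 0 disables caching,
            # a negative value means the ticket never expires.
            if (match($0, /timestamp_timeout[ \t]*=[ \t]*-?[0-9.]+/)) {
                timeout = substr($0, RSTART, RLENGTH)
                sub(/^[^=]*=[ \t]*/, "", timeout)
            }
            if ($0 ~ /timestamp_type[ \t]*=[ \t]*global/) global = 1
            next
        }
        /NOPASSWD[ \t]*:/ { nopasswd++ }           # rules that never prompt
        END {
            if (timeout == "")         print "ticket: cached (build default timeout)"
            else if (timeout + 0 == 0) print "ticket: not cached (password every time)"
            else if (timeout + 0 < 0)  print "ticket: never expires"
            else                       print "ticket: cached for " timeout " min"
            if (global)   print "scope: one ticket shared by all sessions of the user"
            if (nopasswd) print "nopasswd: " nopasswd " rule(s) skip the password entirely"
        }'
}

# Constructed sample: long-lived, globally shared ticket plus a NOPASSWD rule.
SAMPLE_WEAK='Defaults env_reset
Defaults timestamp_timeout=15, timestamp_type=global
%admin ALL=(ALL) ALL
backup ALL=(root) NOPASSWD: /usr/bin/rsync'

# Constructed sample: caching disabled, so there is no ticket to reuse.
SAMPLE_HARDENED='Defaults env_reset
Defaults timestamp_timeout=0
%admin ALL=(ALL) ALL'

printf '%s\n' "$SAMPLE_WEAK" | audit_sudo_tickets
printf '%s\n' "$SAMPLE_HARDENED" | audit_sudo_tickets
```

On a live system, pipe the real sudoers content into `audit_sudo_tickets` as root and change the file only through `visudo`.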