Re: Vino should not be included in the default install
On Fri, Jun 03, 2011 at 11:36:03AM -0500, Mario Limonciello wrote: > On Fri, Jun 3, 2011 at 10:16, Bilal Akhtar wrote: > > I originally posted this message as [Bug 790009] on Launchpad. > > It was suggested that this list is a better place for the suggestion. > > -- > > > > Having "remote desktop" as an option in the default installation > > creates a security risk. > > > > It invites new users to enable it, not understanding the security > > implications. They then end up with unwanted connections to their > > machine. A quick look around the "security discussions" forum on > > ubuntuforums shows that this happens quite frequently. > > > > I propose that it should be removed from the LiveCD. If a remote connection > > program is needed, then something that*requires* SSH tunnelling could be > > provided. > > > > -- > > Jane Atkinson > > (Irihapeti) > > > > -- > > ubuntu-devel mailing list > > ubuntu-de...@lists.ubuntu.com > > Modify settings or unsubscribe at: > > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel > > > > > Removing sounds like a fairly heavy footed approach. If the UI to enable it > isn't informative enough to explain the security implications, perhaps that > UI should just be improved instead. The UI defaults to pretty reasonable settings. Unless those have changed since I've last looked, I don't think it's a concern. -Kees -- Kees Cook Ubuntu Security Team -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
Re: Default Desktop Experience for 11.04
Hi Rick, On Thu, Apr 07, 2011 at 06:38:27PM -0700, Rick Spencer wrote: > Back at UDS for 11.04 in Orlando, Mark set the goal of using Unity by > default on the Ubutu desktop. Given the current course of development, > it appears that we are going to achieve this goal, and Unity will stay > the default for 11.04. Before anything else, I want to say that everyone working on Unity has been rocking, and their efforts are to be applauded. I hope they will forgive me for the rest of this email. :P I was specifically asked to re-try Unity for today. I want to say up front that I don't really see myself as Unity's target audience, and I have had long-term problems with compiz's usability vs how I want to work. Regardless, this is my report. :) I had to finish my Patch Pilot shift first, but then spent the afternoon with Unity (and more frustratingly, compiz). Compared to earlier in the devel cycle, things are greatly improved from my perspective. But then I was fighting Intel driver regressions and plenty of other problems beyond just unity and compiz. At the time, compiz crashed every 5 minutes, and I couldn't go more than 30 minutes of this without just giving up so I could actually get work done. This afternoon, compiz only crashed twice, and I was able to use Unity for a few hours (most of the time spent filing bugs, see below). I am still using Unity at the moment, but bug 755156 has gotten so bad, I may have to go back to metacity soon. I still find it alarming that compiz crashes at all. I do not remember metacity crashing on me in several years, for example. I've previously opened a lot of bugs against compiz (most still open), so I was nervous to really dive into this and document my last few hours. Here are my notes, along with my crashes... - window resizing does not include window size information (especially critical for terminal geometry sizes) - workaround: ccsm / Utility / Resize Info (enable) - clicking this option crashed compiz (filed as LP: #755167) - apport did not pop up - is the notifier applet missing? - if so, how will people get security updates? - cannot reproduce crash - "unity --reset" does not reset themes (had to select Ambience manually to have a sane-looking indicator area). - cannot pick minimized applications out of launcher without 2 clicks in very separate screen locations - old interface: window switcher click for list, move slightly to desired window title, click again, done. - no visibility of window titles at all, actually - right-click on launcher produces popup that could not be interacted with - problem went away for no reason - cannot reproduce - did not file bug - right-click on launcher disables auto-hide. clicking other places outside the launcher does not close the pop-up. - problem went away for no reason - cannot reproduce - did not file bug - crashed when clicking launcher for Terminator while Terminators were running - all windows relocated the width of the top panel lower on unity restart - apport still did not pop up - filed mine as LP: #755146 - 7 other identical crashes - cannot reproduce crash - focus-follows mouse setting has no effect on launcher autohide speed - did not file bug - launcher autohides after raising a window even if mouse is still on it - did not file bug - desktop items are shifted right by the width of the launcher and cannot be moved back into position (dragging them causes the launcher to appear!) - didn't file, suspect this is by design - alt-tab is a disaster of sluggish responsiveness and frustrating timing (my long-standing objection to the compiz task switcher...) - best approximation of the snappy and responsive metacity-like alt-tabbing: - static application switcher behavior popup window delay = 0 speed = 50 timestep = 0.1 appearance opacity = 100 highlight mode = show rectangle - cannot find a way to get rid of the center window "preview" animations :( - focus-follows mouse happens after an alt-tab, defocusing selected window, even when not using mouse, but only some times, making me crazy - filed as LP: #755156 with video of behavior - windows disappear while dragging at/in the top panel, firefox stops rendering and performs freaky window clipping - reported as LP: #755152 with video of behavior - interacting with some fullscreen apps (xine) triggers inconsistent launcher unhiding - reported as LP: #755160 with video of behavior Marc Deslauriers is trying to convince me that focus-follows-mouse is evil, but since I'm neither using a touch-screen nor a touch-pad, I can't agree. Until I see something as convincing as this[1], I'll keep using it. :) Thanks! -Kees [1] http://www.faqs.org/faqs/unix-faq/shell/csh-whynot/ -- Kees Cook Ubuntu Securit
Re: Blocking execution of non-exec things
On Tue, Jan 19, 2010 at 11:38:54AM +0100, Martin Pitt wrote: > Kees Cook [2010-01-12 10:19 -0800]: > > As part of implementing the "Execute-Permission Bit Required" policy[1], I > > need to make changes to a few MIME handlers and to the nautilus .desktop > > file handler. > > > > The main issue is that of the error message to produce, and I'm hoping to > > get some input for that from the Desktop team. > > I actually find the current error message text quite good. Keeping it > would also mean to not break all the existing translations. > > How about we just drop the "Start anyway" and "Mark as trustworthy" > (translated from German) buttons and replace it with a "Explain..." > button which pops up a message box with further text, or opens a web > browser with a wiki page? Sure, that sounds good. For people upgrading from Hardy, I'm thinking we need to preserve the Start/Mark buttons when the .desktop has a ctime (marking a .desktop as executable doesn't change mtime) below a certain date; perhaps the release date of Karmic? For the Wiki, I've built: https://wiki.ubuntu.com/Security/ExecutableBit Currently the mime-support patch points there, but "cautious-launcher" (for MIME handlers) needs to be translatable. -Kees -- Kees Cook Ubuntu Security Team -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
Re: Blocking execution of non-exec things
Hi, On Tue, Jan 12, 2010 at 07:40:12PM +0100, Milan Bouchet-Valat wrote: > Le mardi 12 janvier 2010 à 10:19 -0800, Kees Cook a écrit : > > Hello! > > > > As part of implementing the "Execute-Permission Bit Required" policy[1], I > > need to make changes to a few MIME handlers and to the nautilus .desktop > > file handler. > > > > The main issue is that of the error message to produce, and I'm hoping to > > get some input for that from the Desktop team. > Maybe you already know about it, but here's the thread in > desktop-devel-list where it was decided how to phrase the dialog shown > when .desktop files don't have +x set: > http://www.mail-archive.com/desktop-devel-l...@gnome.org/msg15440.html > > There, the message was: > > The application launcher %s is not marked as trusted. If this > > application launchers source is unknown to you then it may be unsafe to > > launch. > > Sure, it doesn't do what you want, since it provides that bad button > "Launch Anyway" (which was there for transition mainly). Anyway, that > might be an inspiration, you could just remove the button. Right, this is about strengthening that message further. I've already uploaded a patch to remove the other buttons. :) Thanks, -Kees -- Kees Cook Ubuntu Security Team -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop
Blocking execution of non-exec things
Hello! As part of implementing the "Execute-Permission Bit Required" policy[1], I need to make changes to a few MIME handlers and to the nautilus .desktop file handler. The main issue is that of the error message to produce, and I'm hoping to get some input for that from the Desktop team. Thanks, -Kees [1] https://wiki.ubuntu.com/SecurityTeam/Policies#Execute-Permission%20Bit%20Required -- Kees Cook Ubuntu Security Team -- ubuntu-desktop mailing list ubuntu-desktop@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-desktop