Re: Ubuntu Desktop Security Defaults
On Wed, Apr 15, 2009 at 10:24 AM, Null Ack null...@gmail.com wrote:
> X security. He makes what seems to be a very sound suggestion about Plash and hooking into GTK, thus overcoming the problem of needing to in advance make determinations about what a desktop user might do and the X security problems.

Chromium also uses this technique, using a trusted file open dialog box, to prevent a subverted renderer process from uploading arbitrary files:
http://www.tomshardware.com/reviews/google-chrome-security,2271-3.html

IMHO, Chromium has a very nice architecture.

--
John C. McCabe-Dansted
PhD Student
University of Western Australia

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: Ubuntu Desktop Security Defaults
Considering some noise happening in the blog space over a Linux magazine article about security problems with Ubuntu server, I think we should re-visit this topic. The article is at:
http://www.linux-mag.com/id/7297/2/

The key criticisms of Ubuntu server raised by Linux magazine are:

1. Default permissions of users' home dirs open by default
2. Install allows for blank mysql root password
3. Allowing system accounts unnecessary shell session authority
4. Nonsensical daemons listening on the network despite other configurations servicing those needs

In our previous discussion on this topic here, I introduced some personal concerns I have with Ubuntu desktop security with:

1. No firewall enabled by default
2. That AppArmor is providing a false sense of safety for users in controlling the damage zero day exploits could potentially do. AppArmor only protects one daemon, CUPS. By default it does very little.

The reality is that other desktop distros such as Fedora have a far stronger set of security features than our beloved Ubuntu. I think we need to make progress on these issues. I think John previously made an excellent suggestion about using something like Plash with hooks into GTK.
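An added example, not part of the thread and not Ubuntu's own tooling: a Python check for criticisms 1 and 3 in the list above (home directories open to other users, system accounts with a login shell). The UID range, the set of no-login shells and the sample data are assumptions made for this example.

```python
import stat

# Assumptions (not from the thread): Debian-style UID range for regular
# users, and the usual set of shells that refuse interactive login.
UID_MIN, UID_MAX = 1000, 59999
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}

def audit_accounts(passwd_text, home_modes):
    """Return (user, finding) pairs for passwd-format text.

    home_modes maps a home directory path to its permission bits.
    """
    findings = []
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue  # blank, comment or malformed line
        user, uid, home = fields[0], int(fields[2]), fields[5]
        shell = fields[6] or "/bin/sh"  # empty shell field means /bin/sh
        if uid == 0:
            continue  # root legitimately has a shell
        if UID_MIN <= uid <= UID_MAX:
            mode = home_modes.get(home)
            # Criticism 1: any "other" permission bit exposes the home dir.
            if mode is not None and mode & stat.S_IRWXO:
                findings.append(
                    (user, f"home {home} open to other users (mode {mode:04o})"))
        elif shell not in NOLOGIN_SHELLS:
            # Criticism 3: a system account that can start a shell session.
            findings.append((user, f"system account has login shell {shell}"))
    return findings

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/bin/sh
backup:x:34:34:backup:/var/backups:
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/bash
"""
SAMPLE_MODES = {"/home/alice": 0o755, "/home/bob": 0o700}

if __name__ == "__main__":
    for user, finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_MODES):
        print(f"{user}: {finding}")
```

On a live host, pass the contents of /etc/passwd and build `home_modes` with `stat.S_IMODE(os.stat(home).st_mode)` for each home directory.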
Re: Ubuntu Desktop Security Defaults
On Wed, Apr 15, 2009 at 11:03:26AM +1000, Null Ack wrote:
> Considering some noise happening in the blog space over a Linux magazine article about security problems with Ubuntu server I think we should re-visit this topic. The article is at:
> http://www.linux-mag.com/id/7297/2/
>
> The key criticisms of Ubuntu server raised by Linux magazine are:

This article and its content is already being discussed on the ubuntu-server mailing list:
https://lists.ubuntu.com/archives/ubuntu-server/2009-April/002777.html

--
Mathias Gug
Ubuntu Developer
http://www.ubuntu.com
Re: Ubuntu Desktop Security Defaults
Thanks Mathias. I note that discussion is limited to the Server build, whereas this discussion has both desktop and server build topics.
Re: Ubuntu Desktop Security Defaults
On Wed, 15 Apr 2009 11:03:26 +1000 Null Ack null...@gmail.com wrote:
> Considering some noise happening in the blog space over a Linux magazine article about security problems with Ubuntu server I think we should re-visit this topic. The article is at:
> http://www.linux-mag.com/id/7297/2/
>
> The key criticisms of Ubuntu server raised by Linux magazine are:
>
> 1. Default permissions of users home dirs open by default
> 2. Install allows for blank mysql root password
> 3. Allowing system accounts unnecessary shell session authority
> 4. Nonsensical daemons listening on the network despite other configurations servicing those needs
>
> In our previous discussion on this topic here, I introduced some personal concerns I have with Ubuntu desktop security with:
>
> 1. No firewall enabled by default
> 2. That AppArmor is providing a false sense of safety for users in controlling the damage zero day exploits could potentially do. AppArmor only protects one daemon, CUPS. By default it does very little.
>
> The reality is that other desktop distros such as Fedora have a far stronger set of security features than our beloved Ubuntu,

I guess I was hallucinating working on the apparmor profile for clamav-daemon and freshclam (also run as a daemon) today.

I have yet to work on a customer server that was Red Hat/Fedora based where SE Linux was not disabled, so whatever theoretical advantages it might have, in practice without a well trained guru to manage it, it does no good at all.

Most of the article is not terribly accurate (see today's archives of the ubuntu-server mail list for details).

Scott K
Re: Ubuntu Desktop Security Defaults
> I guess I was hallucinating working on the apparmor profile for clamav-daemon and freshclam (also run as a daemon) today.

That's great, though Scott please don't make the mistake of taking a strawman approach. What I said was about AppArmor defaults. I don't see my current dev build of the desktop having any profiles loaded by default other than CUPS.

If the considered opinion is to continue with AppArmor then clearly getting more profiles into it is the way to go. However, if you look back into this discussion thread I think John made a very sound set of points about the limitations of AppArmor / SELinux etc. type approaches for a desktop system and weaknesses of X security. He makes what seems to be a very sound suggestion about Plash and hooking into GTK, thus overcoming the problem of needing to in advance make determinations about what a desktop user might do and the X security problems.

Regards
Nullack
Re: Ubuntu Desktop Security Defaults
Gday John,

Good to see another Aussie on the list and contributing some top info :)

I've looked into Plash and I think your suggestion is excellent. I was thinking of a two-pronged approach:

1. AppArmor / SELinux or whatever static like central policy to contain daemons, as these services typically have fixed functions and can be locked down in a static way. I note here that Microsoft did this locking down for Vista services, where they went through all the services and implemented a least privileged model. We could exceed Windows by doing least privileged but also protecting it through mandatory access control policies as well.

2. A longer term secondary phase of securing X. Again we find ourselves behind Windows where for Vista the security of their system was made more resilient against shatter attacks with a number of changes to make it far more difficult. Depending on the specifics of how X is secured, sandboxes like Plash could be considered too.

I do disagree with you on enabling a firewall by default. What you say is well informed - yes, you can use injection attacks to bypass firewalls. A firewall is a basic level of protection that Windows and OSX use by default. Attacks have to be more sophisticated to circumvent a firewall using injection attacks for example.

Regards,
Nullack
Re: Ubuntu Desktop Security Defaults
On Monday 16 March 2009 2:13:34 am Null Ack wrote:
> Gday folks :)
>
> There is a difference between what I foresee as sensible security defaults for our desktop build against what is being currently delivered. It may very well be that there are aspects to the current setup that I am not fully aware of, and I'd like to better understand the reasoning behind the current situation if so. Otherwise, perhaps I could please suggest some possible enhancements:
>
> * Enabling UFW by default or some other firewall by default
> * Having AppArmor actually protecting the desktop build rather than what seems as currently a false illusion of coverage with just CUPS being protected

NoScript addon installed by default would probably fall into the security that's too disruptive category, I'm guessing?

Oh, and um...ufw enabled *for IPv6* as well.

--
Mackenzie Morgan
http://ubuntulinuxtipstricks.blogspot.com
apt-get moo