Example exploit had a bug in it that I just noticed.. ..one year later, almost.. feh. anywho, this is the example repaired. It's uncomfortably simple. Security will need some work as Ubuntu grows.
Perhaps we could make a "Desktop User" who can (gk)su to do only specific tasks, such as some or all the programs that are in the system/administration menu, but to disallow running of other executables. This won't prevent a malicious .deb from being installed, but it will go a long way in fighting simple exploits without getting in (most) users' way. How/where would I get involved in helping to fix this (I don't need a whole explanation, I can read documentation, I just mean -- what package crew, etc?) ** Attachment added: "An exploit that rather easily allows someone to grab root." http://launchpadlibrarian.net/10210058/Root_Access.sh -- Malicious program run as user can compromise system https://bugs.launchpad.net/bugs/93964 You received this bug notification because you are a member of Ubuntu Bugs, which is a direct subscriber. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs