Security category

This doesn't happen very often, but it really shouldn't happen at all. Someone on the Ubuntu Forums removes herself (the only admin user on the system) from the admin group, so she can't sudo and has to reboot into recovery mode to add herself back to the admin group.

Even though, anything should be possible by manually editing the /etc/sudoers file or making other terminal-based changes, people should not through the GUI of Users and Groups be able to remove the last admin user from the admin group.

To solve the potential problem of malicious repositories
(repositories advertised online contain malicious packages. Users add these repositories to their source-list and get infected with the malware in these repositories/out of date repositories like the "attacks on package managers" by the university of arizona):

Add a blacklist to apt where known malicious repositories can be blocked.
The list is kept up-to-date by regular updates.
This is a fix. Not a solution.
Important: The ubuntu repositories must not be blocked (or it would lead to a update-dos)

I would appreciate it if both the brainstorm and ubuntuforums.org would be protected via SSL for login and cookie exchanges.

Virtually all other sites related to the wiki, documentation, launchpad, etc, use SSL, and I wish the same could be said about these as well.

In a recent forum discussion, some felt that there's no point to protecting those sites. But most will agree that many people use the same password for everything, and even though a compromise of a forum password may not seem like much, it could be an issue elsewhere.

Case in point, all wiki modifications show the IP address of those that make the changes. If this person uses the same password for the wiki as their forum account, not only is it a risk to the wiki, but if their personal machine is remotely accessible via SSH, etc, then that user is also at risk if the password is also the same on their computer.

Yes... people need to follow best practices... but if you have the ability to help people and it comes at virtually no cost to you, then why not?

Hope others feel the same way. Thanks for listening.

KDE has this functionality. You can set that when you close the laptop lid, the screen automatically gets locked.
In GNOME you have to manually lock it and afterwards close you lid.
I think KDE's approach is faster and more secure and it wouldn't be too hard to make GNOME copy this behaviour.

I have some passwords stored in firefox, some in gnome wallet, others in kde wallet and so on and so forth. Does not make much sense to me. I want one general password manager that firefox, evolution, thunderbird, pidgin, gnome and kde hook up to!

Probably there should be one password manager backend and an API to it. KDE and GNOME then would provide a GUI for it and all other apps use the daemon through the general API.

If the user is connected to an unencrypted wireless network or the encryption is weak (WEP), display either a warning symbol on the network icon or display a warning message (popup/slidein).
Make this information available using dbus for other applications(online banking).Using this information they can stop the user from doing anything dangerous like banking over an unencrypted and open connection.

I would like to be able to connect to the software repository using a secure connection that uses SSL.

This will prevent man-in-the-middle attacks (MITM).

It will also prevent example a totalitarian government to snoop on what I download or update. Example, maybe I download cryptography, anonymity or privacy software.

It will also insure that the repository is the real repository, and not a fake one that hosts a Trojan horse or a keystroke logger.

There are ways to "missconfig" the compiz advanced features in ways that leave the user with various bugs.

For example a friend of mine misconfiged his compiz and couldnt click on anything anymore (default click became=move window or smth like that).
If I were not at his home at the time and didnt show him how to "tab" through the list and deactivate the setting he would be unable to use his mouse for anything, leaving a normal user like him with only one solution: reinstall the system without being able to backup anything.

Compiz should warn about dangerous settings or at least have something like "keep current settings or go back to last configuration" when the user closes the compiz settings window. So there is an easy way to "go back" after screwing up.

In my opinion this is a security problem. I can think of two scenarios:
* You are able/allowed to connet to a secured network and trust all other participants on that network. Now, by mistake, the encryption is disabled by the AP administrator. You still send confidential data over the network without knowing that everybody can evesdropping.
* Maybe this problem is also usable for an active attack: Is it possible to provide an access point with the same ssid / (MAC?) in a way, that it 'shadows' the proper access point? (sending with more power, sending on a different channel?)

Once a connection was established to a encrypted network, there should at least a warning if that encryption no longer exists (changed?).

I'd like to see a means added of enabling a secure mode for my own user (or system-wide for some options).


EXAMPLES OF TRIGGERABLE OPTIONS:
- Require SSL HTTP connections
- Require Encrypted Voip connections
- Require all communications use encryption
- Only allow execution of Signed Binaries.
- Disable External Web Browser Plugins (Flash and Java).
- Block all wireless connections
- Ability to see all established connections in the window.
- Disable all hooks in Xorg that could allow key monitoring, screen viewing/snapshotting, or mouse tracking.

BENEFITS:
- Users have a better guarantee that their traffic isn't being read
- Users can verify that the binaries they have downloaded belong to their source.
- Paranoid users will love linux.
- Helps reduce the chances that a keylogger/remote desktop viewer can be used to watch you type in your bank details.


Whilst it may not prevent very elaborate forms of Man-in-the-middle attacks, I would love to have a way to help lock down my connections whilst performing banking for instance. Its all good setting up file system policies and such, but if you cant guarantee that an attacker cant slip malicious code into a file you are downloading, whats the point?

Add group authorization support to PolicyKit. (right now only users are supported) So you can e.g. give the whole group "wheel" certain rights.

Please add Seahorse support to Evolution and Thunderbird.

I noticed something about the samba configuration when setting up a new samba share. If I didn't go in and manually configure the permissions for sharing to occur, it would deny me access when trying to access that samba share remotely from a windows computer.

I propose that when creating a share, that the permissions locally are automatically adjusted for the share to work. I know this makes it difficult to fix because of the limited permissions that are given in linux file systems. But it is very frustrating that I need to check the local file system permissions after creating a share if that share doesn't work. It should all just work.

This problem is very noticeable if you want to share a folder in your home directory with a different username then your own since you need to basically figure out what to set the permissions to in order for it all to work. And there is no automatic method of doing it.

There's a common problem for Ubuntu users who have enabled the automatic connection. When you login manually, your password get stored somewhere and you don't need to retype it each time you start an application who needs it. But when you autologin, some applications require typing your password again. That's stupid, cause if I set up automatic connection, it was to avoid those repetitive password entries.

So, I don't know how is managed the password in Ubuntu, but please change it so that an automatic login does the same as a manual one.

Example : I installed Ubuntu on my mother's computer (and fought to do so). As she hates password and doesn't have a brilliant memory, I set up automatic login (by the way, Microsoft Windows® doesn't ask any password), and create two shortcuts on her desktop, Evolution and Firefox. She launches Evolution, and a silly keyring manager appears over her screen.

I've read forum to fix this, but the solution is removing the "login" entry in the Keyring manager, which, first, isn't very secure, but second, is too hard to change (as a newbie).

Notice there are other cases you get prompted for password in you set up automatic connection : Gnome-Do for me =/.

Currently, ufw logs the firewall to kern.log (the log file for kernel messages).
I think it should log them to a separate file such as firewall.log instead.

Protect System Files From Accidental Deletes ,as the title suggest its harmful to system and user itself.there should be a warning message when a user tries to delete Essential System Files like modprobe.d,fstab,menu.lst.Totally new users tend to
stuff that may harm system.Mac and Windows have applied this feature in there os,it should also prompt or block those request a user inadvertently/unintentionally does this.i agree
this only can be done with root account but still there is a scope to do things,on my n00b friend pc i told him to edit fstab to get some work done,but this can be done only as root,so i still doubt if this can accidentally could happen on some system.

I think there should be a marker visible in the title bar of an application in case it is run with admin/root permissions.

This way it would be clearer which applications should be treated with special care and it'd be easier to identify instances of the filemanager/nautilus run with (gk)sudo and prevent having it open longer than necessary.

(sorry for typo in title)

When I create a new file (for example, on my Desktop),
it is automatically world readable, that is its permissions are (output of ls -l)
-rw-r--r-- for a file or
drwxr-xr-x for a directory.
Every user has his own group by default, so the disturbing thing is the file is

world readable.

I suggest setting a safer umask (not the default 0022), to prevent others from reading private files.

For the laptop warriors among us, there should be an option for each network connection on the system that says if it's on a private or public internet connections. Here is how it can be defined:

private: file sharing ports opened and remote access ports opened on the firewall but only on the same subnet
public: all ports closed that would normally be used for file sharing and remote access

It should start out by putting the user through a wizard asking them which one they want to use defaulting to public. But after this, it should remember the network configuration that was used on private and if it changes, prompt the user to go through the wizard again so that those who go to a lot of internet cafe's are protected automatically. The wizard doesn't even need to be long, just a selection of public and private with public selected by default.

When I have many logins & passwords (in Thunderbird accounts etc.), then remember it all is difficult. There is application to help with it - 'Accessories - Password & Keys' ('seahorse'). But it can't export password list.

I suggest to add function of export/import/merging of password list to it.
Also it is cool when good USB flash drive support (for password storage/interchange) be implemented in 'seahorse'. For example if my usb stick with required password file is mounted, then password manager automatically use password when needed.