Ubuntu QA:
The Ubuntu community has contributed 12252 ideas, 57766 comments, 1176667 votes

Security category




up
16
down
Firestarter Firewall  
Written by rabspd the 29 Aug 08 at 06:14. Category: Security. Related to: Live CD. New
Ubuntu is lacking one important feature, graphical firewall. Just add Firestarter Firewall as optimized setting for general user.

See the 5 comments >>

up
52
down
Secure the menu  
Written by ragnarmoberg the 28 Aug 08 at 11:34. Category: Security. Related to: Gnome. New
It is quite easy to trick the user into running a bad script in sudo by changing the gnome menu from "gksu /usr/sbin/synaptic" to "gksu /home/user/.roughescript.sh".

In a desktop environment using sudo you should need to enter your password in order to change the menu.

Sorry if I misspelt something; English is not my native language.

See the 10 comments >>

up
-6
down
new admin groups  
Written by incorrect the 27 Aug 08 at 15:00. Category: Security. Related to: Add/Remove program dialog. New
I have the following setup:

openldap server serving users and groups

I have created a number of groups and added users to them. I can simply visudo and add the group in that I wish to admin the system. However, this is great for a server, but not for a desktop, as the following happens:

On the GNOME menu, 'Add/Remove' does not appear, and a number of GUI tools will only allow me to select a user who is a member of the local admin group.

I would like a method to add n groups that will be treated the same as the local admin group.

No comment yet. Add a comment >>

up
4
down
A much better idea than blacklisting gfx cards.  
Written by colobix the 24 Aug 08 at 08:22. Category: Security. Related to: ubuntu.com. New
I am one of those who were a little alarmed when the gill blacklisting of gfx cards.
It was almost like I was on my way to switch back to Windows, or at least was sceptical.
My idea is that instead of the blocking you should add a warning message when you open and enable the visual effects and Compiz. A rich list of all the risky short, why it is risky and what could happen if you activate it.
All cards names to be green except from YOUR cards, which will be the red.
When you press on the short, it will be presented to information.
So will it be up to you to decide whether to activate it or not.
When will people be less afraid and get much better understanding of why it is so.

See the 3 comments >>

up
20
down
Turn off Evolution asking for password after each run  
Automatic login -- password is still asked to
access Gnome keyring (Evolution, and others, affected) (#236264)


In : evolution (ubuntu)
Status : Invalid
Importance : Wishlist
Assignee : Ubuntu Desktop Bugs
19 comments, 5 subscribers and 1 duplicates
bug
Written by borsook the 22 Aug 08 at 17:59. Category: Security. Related to: Nothing/Others. New
Currently if you select the "remember password" option in Evolution, each time you start the programme and it connects to email server you'll have to type your user password in the key manager. While I understand security reasons this makes "remember password" totally useless. The option that should save you some hassle still forces you to enter password just a different one...

See the 3 comments >>

up
-9
down
Disable Account  
Written by eviltechie the 22 Aug 08 at 16:26. Category: Security. Related to: Nothing/Others. New
I think that there needs to be a check box to disable an account.

See the 4 comments >>

up
5
down
Keychain managed Transparent folder encryption  
Written by scientus the 21 Aug 08 at 03:24. Category: Security. Related to: Nothing/Others. New
It is quite unlikely that Pidgin, Firefox and Thunderbird will provide any strong encryption of the wealth of personal information they keep. Pidgin even stores passwords in a plain text file. It is also unlikely that these great cross-platform applications will move away from a unified design and start using platform-dependent security features.

By hooking the keychain to something like ecfs, TrueCrypt, or GnuPG in an organized manner we could bring this framework to these programs without them having to do anything. And we can (hopefully) use an established standard that allows users to optionally set the keychain stored and managed passwords so they can mount their files on other computers.

As soon as a program asks for access to a special, encrypted folder (each Firefox, Thunderbird, etc. profile, Pidgin's passwords and log files .purple etc.) a dialog box would pop up asking for the keychain password to unlock that folder either entirely to the user, or just to that application. Just like how the keychain works now, the application would keep that authorization until it is closed or the computer is rebooted.

Ubuntu could detect when these apps are installed, or first started (or started with a new profile) and ask users if they want to encrypt their profiles. (with firefox and other mozilla products you could have it through prefs in the ubuntu modifications plugin, and have an extra home page tab load when starting under a new firefox profile like other plugins do.)

Edit:
This seems like both a blueprint and an idea. Does someone want to type a blueprint up for this?

See the 2 comments >>

up
26
down
Lecture sudoers about password feedback  
Written by ilrudie the 13 Aug 08 at 13:01. Category: Security. Related to: Nothing/Others. New
A common problem with users new to Ubuntu is confusion about the lack of visual feedback when entering passwords in the Terminal. Over on the forums there are plenty of posts about "Terminal not working when passwords are required" and "my keyboard is broken in the terminal". We should change the default sudo behavior to lecture users about the lack of visual feedback. Something like:

When typing your password in the Terminal you will not receive visual feedback.
Type your password normally and hit enter.
To remove this message edit the sudoers file with sudo visudo and change the line
Defaults lecture=always,lecture_file=/etc/sudolecture to
Defaults !lecture

Another alternative might be adding something to motd (but this only displays on login) or echoing it from the .bashrc when a new shell is started.

See the 4 comments >>

up
7
down
Remote Desktop automatic timeout for "Ask for your confirmation" setting  
Written by chronos00 the 11 Aug 08 at 05:21. Category: Security. Related to: Vinagre Remote Desktop Viewer. New
It is very useful to enable the "Remote Desktop" feature when you need to access your data remotely. The question that arises is "How secure is it?".
With this in mind, even though I set a strong password for authentication, I like to know when anyone accesses my computer through remote desktop (by checking the "Ask for your confirmation" setting).

The purpose of this simple idea is to allow setting an automatic timeout for this last setting, and choosing a default behavior.

Example:
You remotely connect to your Ubuntu desktop and type your password. Ubuntu will locally pop the confirmation dialog. What SHOULD happen is that after 30 seconds, if no option is chosen, then the default action is taken (example: allow the remote connection).

Perhaps, to preserve the purpose of the setting in question, if this behavior takes place, then a message should be left at the desktop after the remote user disconnects warning that a remote connection took place.

No comment yet. Add a comment >>

up
-4
down
Implement an "off the record" mode for sessions  
Written by plantboy1 the 9 Aug 08 at 23:28. Category: Security. Related to: Gnome. New
I think that an option to go "off the record" at any time during a session should be added to Ubuntu for people who don't want what they are doing to be recorded. While in this "mode" browsers would be instructed not to save any history, thumbnails would not be saved, IM's not recorded, no recent documents saved, etc. Maybe a menu to choose how "off the record" to go too.

See the 4 comments >>

up
-5
down
Purge .thumbnails and similar caches during shutdown?  
Written by vexorian the 9 Aug 08 at 13:47. Category: Security. Related to: Nothing/Others. New
I think they are convenient to speed things up, though it is not that convenient to keep them forever. It would be a good idea to automatically purge them during the shutdown sequence; not a lot of users are informed that .thumbnails keeps copies of all the pictures in their hard drives.

See the 4 comments >>

up
8
down
No default application in the menus should prompt for a password on start  
Written by deadowl the 7 Aug 08 at 05:00. Category: Security. Related to: Nothing/Others. New
Now that I've seen unlock used enough, I think it's better because simply prompting for the user's password slows down the user if they're exploring/looking for something. Ex, learning via exploration of the menus.

See the 6 comments >>

up
30
down
Option to automatically login AND THEN LOCK  
Written by pengo the 5 Aug 08 at 22:09. Category: Security. Related to: Nothing/Others. New
I'd like to have Ubuntu log me in automatically, but still require my password to begin use.

Rationale: I don't like waiting. Why can't my gnome desktop start up BEFORE I enter my password? In the unlikely event that someone else was to use my computer, they could be given the option to logout (without knowing my password) after the initial start up.

Considerations: If I did happen to have applications like Gaim start up automatically on login (which could require immediate attention), maybe these should be delayed until after I've entered my password.

See the 7 comments >>

up
32
down
Allow LiveCD to access an install-time encrypted partition on HDD.  
Written by Ubun2ideas the 4 Aug 08 at 17:06. Category: Security. Related to: Live CD. New
Has anyone out there used the Ubuntu Alternate Install CD to create an install-time encrypted system? If so, you'll understand just what I'm talking about:

If you have an install-time encrypted system and need to use a LiveCD to rescue some data off the hard drive, you're stuck. Currently there might be a way to get to your data, but if so I'm certainly not aware of it.

It should be a lot simpler. The Ubuntu LiveCD should autodetect if your hard drive contains a dm-crypt LUKS filesystem, and prompt you (possibly at boot time) if you'd like to mount it (followed by prompting for your passphrase, of course).

No comment yet. Add a comment >>

up
56
down
Allow PPA signing  
ppa archives are not signed (#125103)

In : soyuz
Status : Confirmed
Importance : High
Assignee : Celso Providelo
45 comments, 57 subscribers and 0 duplicates
bug
Written by natureflow the 4 Aug 08 at 07:56. Category: Security. Related to: launchpad.net. New
Allow signing for Personal Package Archives (PPA). APT does not use SSL, so there is no security. Someone could send you a modified package. I want to know if the package is really from this person I trust.

https://launchpad.net/ubuntu/+ppas

See the 6 comments >>

up
12
down
Push Security Updates  
Written by -randombrainstorm the 30 Jul 08 at 16:33. Category: Security. Related to: Update manager. New
Whenever new security updates are available, your machine is notified immediately (optional, disabled by default).

Optional in Software Sources > Updates > Automatic Updates > Immediate Security updates.


This would be the equivalent of 'apt-get update' for security updates the moment they are made available,
so there would be a minimal time-frame in which a security update isn't applied.

The implementation of how this would be done is open for discussion.

See the 8 comments >>

up
-25
down
Add “Power User” type of account  
Written by morbius the 28 Jul 08 at 17:31. Category: Security. Related to: Nothing/Others. New
Right now in Linux there are two types of user accounts – basic user and super user (usually called admin or root). In Ubuntu these two are actually merged, you are always using low-privileges high-security basic user account, but you can always temporarily elevate your privileges to root level by using “sudo”. Basic user is very limited, while on the other hand root is de facto GOD. There is a vacuum between these two that needs to be filled.

Linux was for a long time primarily a server operating system, so it was mostly operated by people who knew exactly what they are doing. This however has changed a lot and today there are more client Linux machines than there are servers. Canonical is trying to make its Ubuntu distribution easy for anybody to use and they have said that their goal is to make Ubuntu on the desktop as easy and intuitive as Mac OS X in the next 2 years time. It is pretty clear that the plan is to attract to the Linux side even people who do not have much computer knowledge and I salute that idea.

However, that is going to cause problems because Linux was from the start designed with more technologically savvy people in mind. People that want to use Linux at home have to use root sometimes, and as I said, root’s authority on the system is god-like. If people get tricked into giving the root-level privileges to a malicious script, they have given it power to metaphorically rip out the guts of their system. And we must not forget that as the popularity of desktop Linux grows, so will the amount of threats (viruses, trojans, spyware, etc.) that are today almost non-existent.

The answer to this problem will probably have to be some sort of limited admin account, which we might call “power user” or “novice admin” or something like that. This kind of user would be allowed to do most of the things that root can, but not mess with the most sensitive files and settings of the system. The idea would be when installing the OS to advise the novice users that in case they do not have enough knowledge of Linux they should create for themselves this kind of limited root account as a security measure.

See the 1 comments >>

up
-4
down
add scheduled scanning in clamTK  
Written by marco.pallotta the 28 Jul 08 at 11:10. Category: Security. Related to: Nothing/Others. New
I think clamTK virus scanner should include a GUI to schedule periodic scans of the system searching for viruses. A user should set this from command line, so, about a great problem like viruses, Ubuntu is not user-friendly and not compliant with its philosophy (I tried klamav, which has this feature, in Ubuntu but I have many problems with this package in gnome).

See the 5 comments >>

implemented
Already done!
(-14)
Application authorization system  
Written by natureflow the 24 Jul 08 at 18:28. Category: Security. Related to: Nothing/Others. Already implemented
NOTE: I want to reopen this idea. Thanks.

I may want to use software I don't trust fully, so I want to give the application only certain authorizations.

E.g. my game shouldn't have write access to my files in /home excluding its own directory, or it shouldn't be able to manage system configuration although I'm allowed to do this.

There should be groups, so I don't need to enter all authorizations for each application.

See the 7 comments >>

up
14
down
Synaptic better offline update - include package lists -  
Synaptic's Generate download script does
not update package lists (#251378)


In : synaptic (ubuntu)
Status : New
Importance : Undecided
Assignee :
0 comments, 1 subscribers and 0 duplicates
bug
Written by ua the 24 Jul 08 at 03:40. Category: Security. Related to: Synaptic package manager. New
The synaptic "Generate download script" eases downloading packages on online machines and installing them on offline machines later. But no package lists will be updated and thus no security updates propagate to the offline machines this way.

So there should be a way to update the package lists (index) in a similar way to Synaptic's GDS.

We who have slow/no internet connection can't update the index so we can't Generate the download script for the programs we need because it's not in the index yet.

So please help us by voting for this.

See the 3 comments >>
