http://brainstorm.ubuntu.com guidelines and check if your idea has been posted already! ]]> en-us Tue, 06-Jan-2009 00:00:00 UTC Tue, 06-Jan-2009 00:00:00 UTC QAPoll module http://brainstorm.ubuntu.com/item/16952/ Preferences > Sessions dialog should have a password lock on it, similar to the network dialog.

It would greatly increase security, after all. Any nasty softwares first port of call is to register itself in the startup list.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16952/ http://brainstorm.ubuntu.com/item/16931/ Sure to allow that code execution, user required to enter his password for sudo.

And, let there an option on that Alert message to keep Allowing execution of that code by the same process ( and show the user the process name and ID ) for "y" time ( Ask user for time in seconds ).

Also, let there an option on the Alert message to keep Allowing execution of Any code by the same process ( and show the user the process name and ID ).

in the two previous paragraphs, i considered the code executed by a process, but if the code executed by the user ( using terminal or .. ), the same thing happen but instead of Process name and id, it would be "YOU".

there would be some level of very very dangerous codes, in case of execution on of these codes, System check:

1-if the current user is "root" ( or in the group "root" ), then show him all Alerts for any another users alive on that Ubuntu.
Sure for all Root users ( or in group "root" ) to have an option to hide these messages.
Root can mark some users as "Safe", to allow them to do what they want.

2-if no "root" alive here, don't execute that command even the user allowed that, but if that user is marked as "safe", let him decide, and leave an alert appears for any root login.

Sure to have an option in the Control Panel to turn OFF/ON that protection system.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16931/ http://brainstorm.ubuntu.com/item/16794/
Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16794/ http://brainstorm.ubuntu.com/item/16688/
just add an button like "add your program" in it.

that should open an program asking: are you an advanced user?

if yes, then the program will present an page where you can add the an program.

if no, the user will be presented with an page where he needs to fill in the details of the program ( name, website, linux source( if possible ), ect... )

if this is to dangerous, then consider an voting-website for programs. that way, an program will not get added before there are enough votes.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16688/ http://brainstorm.ubuntu.com/item/16631/
I think Firestarter should be monitoring all network connections automatically, so that the user doesn't have to change the setting each time they change the method by which they connect to the internet.

Also, is it not a bit of a security issue that the firewall fails to start on the basis that the program is not yet able to monitor all connections simultaneously?


Attachments:
Bug #164193 : [Information on this bug will be retrieved soon]
Blueprint firestarter-network-settings: [Information on this blueprint will be retrieved soon]
Ubuntuforums.org thread #272203
]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16631/ http://brainstorm.ubuntu.com/item/16519/
The user would have a daemon that when detects the conection of a USB device it will look for a backup synchronization folder. If the device has got one of these, this program would copy the new content of the hard-disk folder to the backup disk.

My idea is like having an *repository* with a copy in a pendrive. Thus, making the updates to the backup device in a seamless way.

Some improvements of this software could be: adding support for encryption, adding support for commit to the hard drive, setting folder size limits, viewing which files has been changed.

It would be very interesting for people that has got important data in their hard-drives.

With the popularity of the pendrives (it's easy to have some of 16GB), and the needed of "backuping" data, this software could be a seriosly advantage for Ubuntu.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16519/ http://brainstorm.ubuntu.com/item/16494/
Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16494/ http://brainstorm.ubuntu.com/item/16455/
I propose that when the user hovers their mouse pointer over a submit icon/button, a semi-transparent padlock emblem is over-layed showing the level of security, and maybe even if the data is being submitted to the same website or another (helps protect against cross-site scripting).

A mockup is available here. (Keep in mind it is a guide, there may be better ways to portray the information.)

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16455/ http://brainstorm.ubuntu.com/item/16439/ Why: To increase security when an unexperienced user decides to try new packages

Users very often get package recommendations from places which are not 100% worthy of trust, like internet foruns. A malicious (or poorly informed) suggestion can cause a users computer to became an open relay to send spam, or an ssh server for a hacker to bruteforce his way in.

To avoid that, it would be nice to have a "safe packages" list, of programs that

* dont use suid
* dont open network ports
* dont change the boot sequence
* dont affect any user of the computer that does not call the program in any way

in other words: can be installed without creating any security concerns

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16439/ http://brainstorm.ubuntu.com/item/16413/
For server applications the AppArmor (and not in ubuntu SELinux) try to define what a app needs to do and the minimum privileges it needs to do that. This is important for desktop applications for many doing solely this would be limiting. There needs to be some other way of setting permissions.

What do applications need to do? most have a configuration file, either ~/.application and/or /etc/application. and then most read a audio file, and then they create a odt with that audio file embedded. However unlike most server applications both these files can come and go from anywhere the user has access. In order to not limit users activities most removvable drives are fully accessable to users, even if they do have uid/gid awareness they are usually fully writable and accessable, but applications dont really need this uaually.

These apps allready pull up a system file menu, (nautilus, konquerer, or thunar) for both reading files and saving them. why not have the option to run these applications as unprivileged, (with access your X of course) and then have them access ability to read and/or write only with permission given by the action of selecting these files. (use security profiles and preferences to fine-tune)

Programs would only get access to set default config/profile files (rw), files you select for opening (r or rw depending on how it opens the file--intent shown in dialog), and files to save/modify, and folders to have full permissions over.

This could be tunable, designed to not get in peoples way, but all the same would greatly increase the security of many applications. firefox could access anything outside its profile or create files unless you told it to ( you already tell it, and creating files to default directories could be always allowed, just through group permissions.)

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16413/ http://brainstorm.ubuntu.com/item/16390/
A rogue DHCP server is where a hacker sets up a second DHCP server on a network, so that they can read a users traffic if their DHCP server responds faster then the legal one. Detecting and warning against Rogue DHCP servers is EASY. Ubuntu simply needs to ensure that when multiple DHCP responses are received by a client before the normal timeout, that the routing/gateway address is the same on all of them.

The gateway address is where all the traffic goes if you are trying to access another network subnet (like the internet). Hackers change the address to be their address, so that all traffic from the targets goes to their computers (and they can read it). Afterwards, they forward it on to the real places, so the user doesn't know that their traffic is being read (and maybe even modified).

IF a rogue server was detected (ie, multiple DHCP leases with different gateways), warn the user that a rogue DHCP was been located and tell them to contact the admin. Whilst the user and ubuntu cant tell which one is the fake, and therefore cant safely ignore one of them and continue working, at least their traffic wont be compromised.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16390/ http://brainstorm.ubuntu.com/item/16339/ its a security issue, very heavy.

please make that with install it will get password protection by admin/user password.

plus: to prevent grub boot options to be edited it also shall be protected by password

Attachments:
Ubuntuforums.org thread #997808
]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16339/ http://brainstorm.ubuntu.com/item/16338/
guest session is not the solution.



Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16338/ http://brainstorm.ubuntu.com/item/16317/
Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16317/ http://brainstorm.ubuntu.com/item/16256/
https://bugs.launchpad.net/dell-mini/+bug/301489

but, as usual I should say, no word or action from the developers has been said or taken.

So please make the syncing between mainstream Ubuntu and the version for the mini as quick as possible. Despite people claiming that Linux is safe, the Dell mini is affected by many open and documented vulnerabilities, and Dell is utterly responsible to provide a fix for them ASAP.

Attachments:
Bug #301489 : [Information on this bug will be retrieved soon]
]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16256/ http://brainstorm.ubuntu.com/item/16232/

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16232/ http://brainstorm.ubuntu.com/item/16184/
The goal is to control the activities of some kind of visitor user but, that has more category than guest.

For example, a younger (>18) brother should not view some web-sites, and should not use some programs (in fact, the idea is that he should not view that some applications exists).

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16184/ http://brainstorm.ubuntu.com/item/16173/
There should be something like access control for audio and maybe also video devices creating a popup similiar to gksu and tell the user about what is going on.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16173/ http://brainstorm.ubuntu.com/item/16124/
People might want to change theirs for a number of reasons and I don't see why it shouldn't be offered.



Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16124/ http://brainstorm.ubuntu.com/item/16122/
For example, while using the PC as public terminal and we only want people use some application like Firefox. Also, we want people visit only some web-pages.

Guest user has not got to use any non-public software in the system, its permissions have to be configurated by local user.

Attachments:
No attachments. ]]> Tue, 06-Jan-2009 00:00:00 UTC http://brainstorm.ubuntu.com/item/16122/