Ubuntu QA:
The Ubuntu community has contributed 22700 ideas, 138270 comments, 2629576 votes

Contributor kees

New users often choose insecure passwords.  
Written by ml2 the 24 Jan 09 at 15:58. Related project: Live CD installer. New
Currently, there is no way of knowing how secure a password is. This often leads to users making insecure passwords, which is a risk to security.
432 votes
Solution #1: Implementing a password-strength progress-bar
Written by ml2 the 24 Jan 09 at 15:58.
Implement a progress-bar which shows the password strength in the installer and user management tool.

Low strength = red;
middle strength = orange;
high strength = green.

Thanks to Peter Koopman, who originally came up with the idea.
85 votes
Solution #2: Implement Solution #1 but add to it
Written by gargouille the 30 Jan 09 at 02:55.
Solution #1 is an excellent idea. I think this could be expanded to have options for a password policy. These options could be available in System > Administration > Users and Groups. Check box options: (require uppercase & lowercase letters, require combination of numeric and alpha). A drop down box could also be added for the required minimum password size.


Tool to encrypt USB drives in Nautilus  
Written by diegoj the 28 Nov 08 at 01:16. Related project: Nautilus. New
Many people use pen-drives and they store personal information, but only a few encrypt them.

Provide an easy plugin for Nautilus to encrypt USB external hard drives and pen-drives, in a similar way as Private folder does.
157 votes
Solution #1: Auto-generated solution of idea #16022
Written by diegoj the 28 Nov 08 at 01:16.
Ubuntu Brainstorm was updated in January 2009. Since the idea #16022 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!


Focus on security of .desktop files  
Written by Ivo Georgiev the 14 Feb 09 at 08:23. Related project: Gnome. New
The .desktop files introduce a lot of problems - users can execute code without knowing what they do.
For example, they can receive the .desktop file on their email, and it's not required to give it execute permissions to run it.
In Gnome, there is a really big issue: .desktop files in ~/.local/share can overwrite the menu entry of some .desktop files in /usr/share/applications. For example, you have Synaptic. The run command specified in the .desktop file placed in /usr/share/applications is "gksu /usr/sbin/synaptic". A virus can copy this .desktop file to ~/.local/share/applications and change the run command to:
gksu /usr/sbin/synaptic. So, the user thinks that he is starting synaptic, but he is executing bad code as root as well as synaptic.
In KDE (tested in 3.5.10) there is another issue, one that is fixed in Gnome: KDE doesn't check for MIME type and extension conflicts, so the user might download a file with a .pdf extension (for example), the file can have an icon of a pdf file (since it's a .desktop file, a custom icon is easy to put), and click on it, thinking that it's a pdf file. But the file might execute malicious code and also copy itself into the KDE/Gnome autostart directory, or be made to run with root privileges when starting something with gksu, for example.

If voting negative, please post a comment.
76 votes
Solution #1: Basic security fixes
Written by Ivo Georgiev the 14 Feb 09 at 08:23.
1. Files in /usr/share/applications have priority in Gnome (they can overwrite the entries from ~/.local/share/applications).
2. MIME type/extension conflict checking in KDE (like Gnome's)
3. Don't use gksu. To start, make a control panel. It will be started with a single command, without requiring root privileges. Then, it reads some files placed in /etc/control panel name/ (that users have no permission to modify) and creates a menu of those items. Like the Mandriva Control Center, for example. It will require root privileges only if the user wants to run something. This way, an unprivileged user can't modify what will be run as root if you click on one of these menu items in the control panel.
136 votes
Solution #2: Require executable permissions for the .desktop files to be run
Written by Ivo Georgiev the 14 Feb 09 at 08:25.
If the .desktop file has +x permissions, then it should be run. Else, it should be taken as a normal text file.

Also, it might not require +x permissions if the file is placed in /usr/share/applications, so it won't require re-packaging of the packages that contain .desktop files.
The .desktop files that you already have (for example on ~/Desktop) should be given +x privilege when the new version of the application that manages .desktop files (nautilus in Gnome) is installed (through its install script in its package).
-22 votes
Solution #3: Add an overlay icon
Written by viraptor the 20 Feb 09 at 17:44.
Simply add a small icon in the corner of the original one - the way Windows shortcuts work.

It's the main idea that users run launchers, so blocking that in any way will just cause problems in normal use.

---
I wonder why this solution is voted below 0. Anyone care to share?
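
The menu-entry override described in this idea can be audited from the defender's side. The following is an added example, not part of the original thread or of any Ubuntu, Gnome or KDE code: it lists user-level .desktop files that shadow a system entry of the same name with a different Exec line, and notes whether the replacement starts with a privilege-elevation helper. The function names, the helper list and the sample entries are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

ELEVATORS = {"gksu", "gksudo", "kdesu", "sudo", "pkexec"}  # assumed helper list

def exec_line(path):
    """Return the Exec= value of the [Desktop Entry] group, or None."""
    in_entry = False
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("["):
            in_entry = line == "[Desktop Entry]"
        elif in_entry and "=" in line:
            key, _, value = line.partition("=")
            if key.strip() == "Exec":
                return value.strip()
    return None

def runs_elevated(exec_value):
    """True if the command line starts with a privilege-elevation helper."""
    first = (exec_value or "").split()[:1]
    return bool(first) and Path(first[0].strip('"')).name in ELEVATORS

def audit(system_dir, user_dir):
    """List user entries that shadow a system entry with a different Exec."""
    findings = []
    for user_file in sorted(Path(user_dir).glob("*.desktop")):
        system_file = Path(system_dir) / user_file.name
        if not system_file.is_file():
            continue  # plain user launcher, nothing is shadowed
        user_exec, system_exec = exec_line(user_file), exec_line(system_file)
        if user_exec != system_exec:
            findings.append((user_file.name, system_exec, user_exec,
                             runs_elevated(user_exec)))
    return findings

def demo():
    """Run the audit over constructed sample directories (not real data)."""
    entry = "[Desktop Entry]\nType=Application\nName=Sample\nExec={}\n"
    with tempfile.TemporaryDirectory() as tmp:
        system_dir, user_dir = Path(tmp, "system"), Path(tmp, "user")
        system_dir.mkdir(); user_dir.mkdir()
        for directory, name, cmd in [
                (system_dir, "synaptic", "gksu /usr/sbin/synaptic"),
                (system_dir, "gedit", "gedit %U"),
                (user_dir, "synaptic", "gksu /opt/placeholder/wrapper"),
                (user_dir, "gedit", "gedit %U")]:
            (directory / f"{name}.desktop").write_text(entry.format(cmd))
        return audit(system_dir, user_dir)
```

On a real system, `audit("/usr/share/applications", Path.home() / ".local/share/applications")` gives the same report; a user-level copy with a changed Exec is not always malicious, so each finding needs a manual look.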


No basic file encryption  
Written by firexq the 5 Mar 09 at 07:05. Global category: Security. New
The default encryption scheme in Ubuntu requires that I make a key and store it on a keyring to use... this is all well and good. However, there are times when a user will want to encrypt a file without the key being stored anywhere but his head. With the current system you need to have the decryption key saved, and even if you delete it afterwards, it's still theoretically recoverable.
22 votes
Solution #1: Allow basic file encryption
Written by firexq the 5 Mar 09 at 07:05.
When I right-click a file and select "encrypt", I should have the option to simply enter a key and generate; this way, the key never leaves active memory, and the tinfoil hat can stay firmly on my head.
18 votes
Solution #2: Add nautilus scripts for encryption
Written by tenplus1 the 5 Mar 09 at 21:23.
Nautilus can handle right-click scripts that allow the user to encrypt/decrypt a file by entering a password; this is available on www.gnome-look.org
