Ubuntu QA:
BlogBrainstormPackage status
Log in
Ubuntu QA
The Ubuntu community has contributed 21986 ideas, 135057 comments, 2615221 votes
Idea sandbox Idea sandbox
Popular ideas Popular ideas
Ideas in development Ideas in development
Implemented ideas Implemented ideas

Contributor forteller on the Security category

Encryption in default installer  
Written by KEsse the 4 May 10 at 12:09. Related project: Live CD installer. In development
If you want to install Ubuntu in an LUKS-encrypted drive, you have to use Alternate Install CD. It's an annoyance and it limits the use of one of the most interesting thigs Linux offers.
6817
votes
inprogress
Selected solution (#1): Include support for LUKS/LVM in default install
Written by KEsse the 4 May 10 at 12:09.
During the partitioning give the user an option to install to encrypted LVM(similar to this in alternate CD). Include lvm and cryptsetup packages in LiveCD.
4411
votes
inprogress
Selected solution (#2): Include, and make it more usable with USB authentication
Written by TheFinePrint the 6 May 10 at 22:21.
Offer USB keyfile authentication alongside conventional password authentication.

For several years I have been using LUKS/LVM together with a USB-stick to unlock the boot. The method is already fully developed (proving that there is a demand). What's missing is an elegant and integrated way of generating the USB-key without the terminal.

Info: http://wejn.org/how-to-make-passwordless-cryptsetup.html (other Ubuntu-specific articles are to be found on google)
-63
votes
inprogress
Selected solution (#3): /home encryption is already offered
Written by jbicha the 8 May 11 at 07:02.
For nearly all users, full-disk encryption provides no benefit and significantly interrupts interoperability in dual-booting scenarios. Many users may need encryption of their /home partition; this is a prominent choice in the Ubuntu installer so I would mark this bug as FIXED.

Oh no, someone will steal my laptop and find out I have installed Chromium!

Remember that every single option in the installer has a real cost.

See the 9 comments or propose a solution (latest comment the 17 Dec 11 at 12:23) >>

Guest account needs a change  
Written by toucher5 the 19 Nov 08 at 19:51. Global category: Security. Implemented
The new guest account in 8.10 needs to be accessed from the login screen not from inside another account. This is redundant and poses a security threat. Great idea but since Ubuntu is based on Debian, security needs to be a top priority. Keep the guest account but like I said before it needs to be accessed from the login screen.
720
votes
implemented
Selected solution (#1): Auto-generated solution of idea #15773
Written by toucher5 the 19 Nov 08 at 19:51.
Ubuntu Brainstorm was updated in January 2009. Since the idea #15773 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!
-92
votes
implemented
Selected solution (#2): GDM better integration
Written by Lachu the 22 Jan 09 at 16:12.
New GDM have ran their own user session and start gnome-panels. We can allow to run some application from login screen, but disallow to write any data.
248
votes
implemented
Selected solution (#3): Use a "Login as Guest" button
Written by Bender2k14 the 24 Jan 09 at 22:50.
If someone does not have an account on the computer, then they probably do not know that logging in as "guest" is an option, so make it obvious with a button that says "Login as Guest". AOL has this "feature" and I have always liked it.
14
votes
implemented
Selected solution (#4): Same as #1 but disable it by default
Written by emagmant3 the 7 Mar 09 at 18:53.
It is much more secure this way this way.

See the 6 comments or propose a solution (latest comment the 23 Nov 11 at 07:14) >>

Allow Guest to Log In from Login Screen  
Written by rouge568 the 12 Jan 09 at 04:28. Global category: Security. Implemented
Allowing the guest to only log in from another user's account is, for lack of a better term, stupid. It means that if the owner is not going to be around when the guest uses the computer, he has to give the guest his username and password just so they can log and then switch to another account. This is an incredibly large security hole, that could be easily fixed. Please, if someone types 'guest' when logging in, take them straight to the guest account.
-92
votes
implemented
Selected solution (#3): GDM better integration
Written by Lachu the 22 Jan 09 at 16:12.
New GDM have ran their own user session and start gnome-panels. We can allow to run some application from login screen, but disallow to write any data.
248
votes
implemented
Selected solution (#4): Use a "Login as Guest" button
Written by Bender2k14 the 24 Jan 09 at 22:50.
If someone does not have an account on the computer, then they probably do not know that logging in as "guest" is an option, so make it obvious with a button that says "Login as Guest". AOL has this "feature" and I have always liked it.

See the 19 comments or propose a solution (latest comment the 31 Oct 11 at 18:23) >>

Encrypted home directory GUI tool is needed  
Written by Beach Ball the 7 Dec 09 at 04:21. Global category: Security. New
Ubuntu 9.10 has an awesome means of setting up an encrypted home directory during a first time install, however, users who decide later on to implement an encrypted home directory must resort to learning command-line instructions. Furthermore, the 9.10 installer only gives you the option to setup a single account during install with the option to encrypt, any users added later on must be done from the command-line if an encrypted home directory is desired.
348
votes
up equal down
Solution #1: Option to encrypt home directory when adding new user through graphical tool
Written by Beach Ball the 7 Dec 09 at 04:21.
There are really two things I think need to be done.

First, Ubuntu provides a simple, intuitive, graphical tool under System -> Administration -> Users and Groups for adding new user accounts. After clicking the option to "Add User", a window appears with a tab called "Account". In the "Account" tab there are options for setting a password. I think there should also be an option to "Encrypt home directory". This way a user can create new user accounts with the home directory encrypted without having to drop to the command line.
281
votes
up equal down
Solution #2: Provide graphical tool for managing the encryption of existing home directories
Written by Beach Ball the 7 Dec 09 at 04:37.
Some users may decide they need to switch on/off the use of encryption for their home directory. That is, they may not have enabled encryption to begin with, but now need it; or, they may have it enabled, but now decide they don't want it.

Enabling encryption during a fresh install is easy for a single account, but turning it on later means sending the user to the command line. Same with disabling it later on.

I suggest the ability to switch on/off encryption for one's home directory be an option in the "User and Groups" program for the properties of the account in question (that is, System -> Administration -> Users and Groups -> Properties).

I would have a check box under the existing "Don't ask for password on login" option that says "Encrypt home directory". Checking the box would encrypt the user's home directory while un-checking the box would turn it off (that is, decrypt the contents).

Also, I would require the password of that account to be entered in order for either change to take effect. That way someone with sudo privileges can't toggle encryption on/off for user accounts without knowing their passwords.
94
votes
up equal down
Solution #3: Provide an encryption key master/policy enforcement tool
Written by Beach Ball the 7 Dec 09 at 04:57.
Encryption isn't just important to end-users, but it is important to businesses, too. Especially if they have to comply with mandated data security policies, such as the Sarbanes-Oxley Act (see http://www.soxlaw.com/), for which they have no say in the matter.

If Ubuntu is going to make inroads into these kinds of enterprise markets, there needs to be a management tool to ensure that an employee cannot encrypt their home directory without providing a means for another user (e.g., the primary sys admin for the company) to decrypt it (and yes, I know, a rogue user could always just use something like TrueCrypt, but this about meeting data security policy requirements).

Also, there needs to be a method for enforcing encrypted home directories.

I don't think either of these functions fits into the "Users and Groups" management application. So, maybe this is something best suited for integration into policykit?

Of course, such a tool should be protected in such a way that a user with local root privileges couldn't use it to gain access to the encrypted contents of other users on the system unless it is a key-master account.
69
votes
up equal down
Solution #4: Not only to 'Home' folder....
Written by DrG the 10 Dec 09 at 08:58.
Another idea .---->
A better way is to implement an 'Encryption' option to the 'Permissions' tab (of the Properties Dialogue of files , directories and disks) , which encrypts
files , directories or disks with a password entered by the user ( or the login password - which should not ask password , for decryption , once the specific user logs in , as per choice), and encrypts the item , according to the algorithm selected by the user.

######
In karmic , home directory encryption is achieved through Cryptsetup . A tutorial is here http://gentoo-blog.de/ubuntu/encrypted-home-and-swap-partition-on-ubuntu-9-10-k armic/
####

#-------------------
The Rationale , to a much less extent , can be achieved through nautilus.-->
Right click the desired directory, select 'Properties' , choose 'Permissions' tab ; set Permissions of 'Group' and 'Others' to 'None'(set the Owner as the user ) .( The drawback is that 'root' will be still able to access the content , so as other users with 'gksu nautilus' - so don't rely much on this until tracked ) .
84
votes
up equal down
Solution #5: Extend the user managment utility of Ubuntu
Written by xfuser4 the 15 Dec 09 at 12:37.
Extend the user managment utility of Ubuntu, to create users with encrypted home directories.
-27
votes
up equal down
Solution #6: Don't encrypt home folder but only parts of it and make key locations clearer
Written by natschil the 20 Dec 09 at 19:11.
Currently, the whole home folder is encrypted, which is suboptimal for people, who want to keep private data but also run a lot of io operations, such as compiling software. Furthermore, keys are kept not only in /home, but also somewhere in /var, iirc, which is a pain if your system crashes and you try to mount the encrypted home directores. Therefore I think it would be more practical to have only part of the home folder encrypted.
8
votes
up equal down
Solution #7: Provide GUI with automated processes
Written by PaddyLandau the 8 Feb 10 at 10:31.
Provide a simple, straightforward GUI that has a few basic steps. This would handle all the requirements for the average user. Expert users would still be free to use terminal to perform fancier functions.

I would envisage that the GUI would come installed by default on both the Live CD and a normal installation.

1. The GUI would have the following options. In all three cases, it would require Administrator rights (gksu) when not for your own home directory. It would have to allow looking at home directories on a different drive, e.g. when booting from a Live CD to recover from some problem.
(a) Synchronise password.
(b) Encrypt a home directory.
(c) Stop encrypting a home directory.
(d) View a home directory.
(e) Save recovery key on a file (e.g. USB drive).

Note: For changing the login password the normal way, I would want the system to automatically synchronise the home directory. Option (a) would be for when something goes wrong and recovery is required from the Live CD (a situation that I have encountered).

The options would work as follows. In all cases, prompt for Administrator access if not your own home directory. Naturally, there should be checks for nonsense requests, such as trying to encrypt a home directory that is already encrypted or trying to view a home directory that is already mounted (decrypted with ecryptfs).

(a) Synchronise password.
- Explain to the user what this option means (non-technical users may not realise that the password should match the login password).
- Prompt for:
* which home directory to change.
* its 32-character unlock key, which optionally can be a file from point (e). If already successfully mounted (e.g. the user's own home directory), then omit this step.
* the new (or current) login password.
- Change the password to the new one.

(b) Encrypt a home directory.
- Explaing to the user what this option means (specifically for non-technical users).
- Warn that backups should be taken first in case of problems.
- Prompt for:
* which home directory to change.
* the current login password (if possible, let the system validate this password).
- Display the 32-character unlock code and ask the user to save it safely away from his computer. Explain the importance of doing this. Provide the option of saving it as a file, e.g. on a USB drive -- see point (e). After the user has confirmed doing this...
- Encrypt the home directory (for the user's own home directory, set the mount points accordingly).

(c) Stop encrypting a home directory.
- Prompt for:
* which home directory to change.
* its 32-character unlock key, which optionally can be a file from point (e). If already successfully mounted (e.g. the user's own home directory), then omit this step.
- Stop encrypting the home directory (for the user's own home directory, modify the mount points accordingly).

(d) View a home directory.
- Prompt for:
* which home directory to view.
* its 32-character unlock key, which optionally can be a file from point (e).
- Mount the home directory.
- Display the mount point for the user.
- Open the mount point in Nautilus (or whatever default file management system is set for the installation).

(e) Save recovery key on a file (e.g. USB drive).
- Prompt for:
* which home directory.
* its 32-character unlock key, which optionally can be a file from point (e). If already successfully mounted (e.g. the user's own home directory), then omit this step.
* where to save the file (name and location). Clearly warn the user of the risks of keeping the file phsically near the computer. If the file already exists, warn about overwriting it.
- Save the 32-character unlock key in a simple text recovery file.
4
votes
up equal down
Solution #8: Add always "encrypt home folder" option in "users and group" panel
Written by tanoloco the 12 Jan 11 at 09:05.
I think that the option "Encrypt home folder to protect sensitive data" might be always available on "Users and groups" panel because it can happen that there's no need to encrypt home during installation and then after some time it could be needed to encrypt a new user home folder.

See the 7 comments or propose a solution (latest comment the 20 Sep 11 at 09:44) >>

Protect Ubuntu-users privacy from curious governments  
Written by nandersson the 5 Sep 08 at 11:10. Related project: ubuntu.com. New
In Sweden, as well as in the US, as far as I understood there are now new legislation coming up that seriously compromises the privacy of the users.

In Sweden we have two very worrying laws coming up.

1. The "FRA-law" that gives the Swedish security police the right to wiretapp and datamine ALL international data traveling through Sweden.
2. The "Logging-law". Telco operators will be obliged to collect all information about their users whereabouts and keep that information for a year.

We have to work towards the aim: Security by default - and I'm not talking about the system, but to protect our datastreams from being wiretapped.

Me personally think that PKI is the solution to use here whereever possible. IF a session to/from a Ubuntu-system could be read in clear text the user/administrator should be aware of it.

Postfix is important here, Dovecot as well - all emails should be send over encrypted channels by default.

Mark Shuttleworth with his huge knowledge in Digital Certificates (He sold Thawte remember) would be of great help here.

I would like to see Mark Shuttleworth and Ubuntu leverage an infrastructure and create services to provide their community with a good, PKI-based solution.

Privacy matters

Sincerely
Niklas Andersson, Swedish TechWorld Open Source

Edit 1: I've made a proposition of a real-world-implementation of a very viable way to solve the email issue at a user-level.

[....]
490
votes
up equal down
Solution #1: Auto-generated solution of idea #12819
Written by nandersson the 5 Sep 08 at 11:10.
Ubuntu Brainstorm was updated in January 2009. Since the idea #12819 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!

See the 20 comments or propose a solution (latest comment the 12 Aug 11 at 09:38) >>

Login using a GPG key on a USB flash drive  
Written by Eldmannen the 24 Mar 08 at 16:03. Global category: Security. New
I would like to be able to login to Ubuntu using a GPG cryptographic key stored on a USB flash drive.
209
votes
up equal down
Solution #1: Auto-generated solution of idea #5590
Written by Eldmannen the 24 Mar 08 at 16:03.
Ubuntu Brainstorm was updated in January 2009. Since the idea #5590 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!

See the 4 comments or propose a solution (latest comment the 7 Mar 10 at 10:22) >>

Additional detail when prompted for a password   forum
Written by dustigroove the 18 Mar 08 at 03:21. Global category: Security. New
When a user is prompted for a password in a graphical environment to gain superuser privileges (ie - gksudo) I suggest that it be implemented that additional detailed information is presented that is relevant to the action the user is trying to perform, as well as the security implications the action may have (the latter could perhaps be in the form of a link to an appropriate Help page).
57
votes
up equal down
Solution #1: Auto-generated solution of idea #4986
Written by dustigroove the 18 Mar 08 at 03:21.
Ubuntu Brainstorm was updated in January 2009. Since the idea #4986 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!
6
votes
up equal down
Solution #2: SODU should show information about caller.
Written by Lachu the 18 Sep 09 at 13:18.
SUDO should show information about it's parent, like name of process, path to it, pid and category(system or not system).

For example bash in interactive mode should be trusted tool, but script running by bash is untrusted.

SUDO can also show which command is performed.

See the 10 comments or propose a solution (latest comment the 6 Feb 10 at 21:40) >>

Never lose focus while typing a password  
Written by pabix the 18 Jan 09 at 21:42. Global category: Security. New
It may have happened to you. You're typing a password in a web page, and suddenly, a window pops up, with a text field inside it, and since you did not notice it at once, you password displays in clear in the other window.
640
votes
up equal down
Solution #1: Fix window managers to lock focus when selected element is a password area
Written by pabix the 18 Jan 09 at 21:42.
It could be hard to implement, but window managers should detect password fields in windows (or detect when keyboard input is not displayed) and temporarily lock the focus.
-195
votes
up equal down
Solution #2: Lock Enter key for some seconds in newly popped up windows
Written by marvo the 19 Jan 09 at 08:45.
The unwanted visibility of passwords is only one annoyance in foreground-catching windows. Much worse is in my opinion that some of them require some input and do have their focus already set to the "ok" button. More then once I have "confirmed" some pop-up-messages while typing a text in my browser or word processor. It would be very helpful if the ok-button of a pop-up-box was inactive at least for some seconds.
156
votes
up equal down
Solution #3: Lock focus while typing.
Written by gmatht the 19 Jan 09 at 11:10.
Lock focus for one second (or so) since the last key was pressed so that we never lose focus while typing.
160
votes
up equal down
Solution #4: Remove focus, use attention methods
Written by dolf1074 the 25 Jan 09 at 00:47.
When an application wants your attention, it should ask it. NOT suddenly appear and take the focus. A program is now already able to ask your attention by flashing the application in the taskbar. So why some applications don't use that and rather want to bother the user in there work flow, I don't know.
70
votes
up equal down
Solution #5: Implement Solution #1 but have as an option
Written by gargouille the 30 Jan 09 at 02:29.
Solution #1 is an excellent idea, but not all may like it. This should be a default option, with the ability to disable it. Perhaps this option could be in System > Preferences > Windows.
-60
votes
up equal down
Solution #6: Beep if a window pops up while typing in a password box ( but as an option )
Written by Andrius the 3 Feb 09 at 18:13.
this can be also useful for non-password textboxes
157
votes
up equal down
Solution #7: Have ability to set system wide how to deal with stolen focus
Written by grofaty the 7 Feb 09 at 18:13.
Like #4, but have ability to set how you would like to deal with stolen focus.

For system wide options should be:
1. Allow stolen focus (like now)
2. Double blink program in task bar
3. Set notification.
4. Don't bother me at all.

Windows XP has this solution already implemented by installing "Tweak UI" official Windows program. Read more at: http://mycvs.org/archives/2004/11/16/applications-stealing-focus-on-windows-xp
7
votes
up equal down
Solution #8: Don't steal the focus!
Written by Frantique the 9 Feb 09 at 15:36.
The newly opened application should not steal the focus at all, or make a switch somewhere for this.
34
votes
up equal down
Solution #9: Provide a flexible option in compiz
Written by aadityabhatia the 9 Feb 09 at 22:44.
This depends on the context. Let's say you're browsing files in Nautilus (an application), and you double click a file. In this case you might prefer not to have the new window opened in the background (which happens sometimes).

Provide it as an OPTION in compiz (try ccsm), that is capable of providing this feature based on window name or class. Setting could be tailored the way user wants, and would stay out of the way of those who don't care.
-47
votes
up equal down
Solution #10: Request to click before prompting
Written by Lachu the 6 Feb 10 at 15:03.
Password fields should request to click special widget, with lock whole X Server onto password field and exit widget.

User ought to input password, before click onto that button! There no way to exit from this field without clicking button again.

Behavior of enter key/arrows could be: give focus to exit button.

Below password prompt, some helping messages should appear, like press exit key to accept prompting password.

See the 13 comments or propose a solution (latest comment the 2 Dec 09 at 16:10) >>

New users often choose insecure passwords.  
Written by ml2 the 24 Jan 09 at 15:58. Related project: Live CD installer. New
Currently, there is no way of knowing how secure a password is. This often leads to users making insecure passwords, which is a risk to security.
432
votes
up equal down
Solution #1: Implementing a password-strenght progress-bar
Written by ml2 the 24 Jan 09 at 15:58.
Implement a progress-bar which shows the password strength in the installer and user management tool.

Low strength = red;
middle strength = orange;
hight strength = green.

Thanks to Peter Koopman, who originally came up with the idea.
84
votes
up equal down
Solution #2: Implement Solution #1 but add to it
Written by gargouille the 30 Jan 09 at 02:55.
Solution #1 is an excellent idea. I think this could be expanded to have options for a password policy. These options could be available in System > Administration > Users and Groups. Check box options: (require uppercase & lowercase letters, require combination of numeric and alpha). A drop down box could also be added for the required minimum password size.

See the 9 comments or propose a solution (latest comment the 24 Aug 09 at 12:42) >>

Tool to encrypt USB drives in Nautilus  
Written by diegoj the 28 Nov 08 at 01:16. Related project: Nautilus. New
Many people uses pen-drives and they store personal information but, a few encrypt them.

Provide an easy plugin for Nautilus to encrypt USB external hard drives and pen-drives, in a similar way as Private folder does.
157
votes
up equal down
Solution #1: Auto-generated solution of idea #16022
Written by diegoj the 28 Nov 08 at 01:16.
Ubuntu Brainstorm was updated in January 2009. Since the idea #16022 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!

See the 8 comments or propose a solution (latest comment the 15 Jul 09 at 01:52) >>

2 Next >>