Installing a compiler by default

[Tristan Wibberley]

Michael T. Richter wrote:

> I call attention to the beginning of the section you quoted:

[somebody wrote (but I haven't got a clue who):]

>>>>> But if your target is Ubuntu it will be trivial to work around the lack
>>>>> of a compiler.  You're root - you can just upload one or even apt-get
> 
> 
> Note the words "you're root" in the establishing conditions?


For the vast majority of Ubuntu installations that is essentially true. 
It is trivial for an attacker, with just a little patience and the 
typical end user, to get root from the default user account of the 
default install. I believe that is part of the intended trust model of 
Ubuntu.

IE: don't use any apps that are supposed to sanitise then process 
untrusted data as the default user. That means email, web, IM/IRC/etc.

You should be doing your daily work from a second user account that 
doesn't have any configured capabilities via sudo - and do your system 
administration by logging in directly to the first user account and 
using sudo. This should be in the introductory documentation and the 
second user should be set up by default - or the trust model should be 
improved (the latter is my personal favourite).

sudo is not a barrier to a concerted or automated attack, only against 
casual, half-hearted attempts.

-- 
Tristan

Any opinions expressed in this message are my own opinions or those of 
somebody I'm quoting, and I am not speaking for my employer.