Ubuntu Desktop Security Defaults

Null Ack nullack at gmail.com
Wed Apr 15 01:03:26 UTC 2009

Considering some noise happening in the blog space over a Linux
magazine article about security problems with Ubuntu server I think we
should re-visit this topic. The article is at:


The key criticisms of Ubuntu server raised by Linux magazine are:

1. Default permissions of users home dirs open by default
2. Install allows for blank mysql root password
3. Allowing system accounts unnecessary shell session authority
4. Nonsensical deamons listening on the network despite other
configurations servicing those needs

In our previous discussion on this topic here, I introduced some
personal concerns I have with Ubuntu desktop security with:

1. No firewall enabled by default
2. That AppArmor is providing a false sense of safety for users in
controlling the damage zero day exploits could potentially do.
AppArmor only protects one daemon, CUPS. By default it does very

The reality is that other desktop distros such as Fedora have a far
stronger set of security features than our beloved Ubuntu,

I think we need to make progress on these issues. I think John
previously made an excellent suggestion about using something like
Plash with hooks into GTK.

More information about the Ubuntu-devel-discuss mailing list