Toshiba Satellite 4090CDT + sudo ideas

Matt Zimmerman mdz at canonical.com
Thu Dec 23 15:22:12 CST 2004 

On Mon, Dec 06, 2004 at 11:38:31AM +0000, Robert Wittams wrote:

> 	The wireless card wasn't detected due to a lack of info in the 
> 	config files. It is an SMC 2632W V2 which is a rebadged atmel. The driver 
> is included in the kernel 2.8 package. So I added the following lines to 
> /etc/pcmcia/config
> 
> -----------------------------
> device "atmel_cs"
>   class "network" module "atmel_cs"
> 
> card "SMC 2632W V2"
>   manfid 0x01bf, 0xb301
>   bind "atmel_cs"
> -----------------------------
> 
> 
> Maybe these could be added to the pcmcia package, and then pushed 
> upstream. I think having this detected is useful in the default install.

This has already been done, some time ago (though after the Warty release):

pcmcia-cs (3.2.5-8ubuntu2) hoary; urgency=low

  * [etc/config] Add stanzas for atmel_cs, thanks to Martijn van de Streek
    <martijn at foodfight.org> (Closes: Ubuntu#2313)

 -- Matt Zimmerman <mdz at canonical.com>  Fri, 29 Oct 2004 18:46:38 -0700

> One suggestion that I might make is tighter integration between the 
> gnome version of "sudo" and the window manager (metacity). Could we put 
> an unforgeable border around windows from processes running as root and 
> also the "give me your password" window?

I don't know of any way to do this, no.  It is an inherent weakness of the
security model used by su and sudo, that there are various ways to
"piggyback" on the user's escalated privileges, and thus gain root if the
user is compromised.

> Also more sudo-helper programs would be nice : eg a separate program to 
> install firefox extensions for the whole machine. ( Maybe this could 
> even automatically create a .deb package from the .xpi and install that? 
> This could then be superseded by real packaged versions of the extension 
> if the naming is chosen consistently.... This could be done for other 
> psuedo packages too - e.g. python & perl modules )

Rather than using Firefox's system, I think it would be better to arrange
for efficient (semi-automatic) packaging of extensions, and so make it easy
to install them in the traditional way.  If, after that, it makes sense to
extend firefox itself to be able to use (e.g.) synaptic to install
extensions, that could build on this work.

This is not a project that we currently have resources for, but would
welcome contributions in this area.

> Perhaps it should be made very easy for any user to create a throwaway 
> "subservient" user account, and run  mail attachments or a web browser 
> from it. An authenticated (ie password dialog) way of moving any 
> downloaded files from here to their "real" home directory could also be 
> provided. This would limit any possible exploits of these things... and 
> perhaps curb claims than linux is soon to face an onslaught of viruses 
> (without the current complexities of SELinux).

This is an interesting idea, but I think it would be tricky to implement
something like this by default.  If you have some specific ideas, feel free
to discuss them here.

-- 
 - mdz

More information about the ubuntu-devel mailing list