sudo without password

Luis lemsx1 at gmail.com
Fri Jun 9 17:40:12 UTC 2006


On 6/9/06, ubuntu at rio.vg <ubuntu at rio.vg> wrote:
[snip]
> As I recall, UNIX specifically chose its current security model because
> the more secure ones (like access lists) required far more time and
> effort, and therefore are more likely to have holes left by the operators.

Good to know this historical fact.

[snip]

> I just first tried Ubuntu for the first time with the release of Dapper,
> and I was rather surprised it did not install a host-firewall by
> default.  I understand Ubuntu's take of "we don't install anything that
> listens", but that quickly falls apart when the user starts installing
> things like NFS that require portmap, for instance.
>
> Ubuntu seems to be taking the Debian approach of "We're doing things
> minimally, so if you install something insecure, it's your own damn
> fault."  As a distro targeted at desktops, I'd like to see Ubuntu be a
> bit more forward-looking.  A veteran sysadmin has no problem with the
> Debian way, but a novice desktop user probably does.  And a novice
> _will_ install those security problematic packages.  One of Windows'
> major problems is users installing every silly program, widget,
> screensaver, or other stupidity that they run across on-line, each of
> which installs another piece of adware, spyware, or trojan.  Eventually,
> the system simply becomes unusable.  Just because the user is now trying
> out Linux doesn't mean they've kicked that habit.

I like the MacOS X approach in this manner. Install a firewall that's
integrated with the known packages that listen for known ports.
Essentially, when you go to open/close a port in your firewall, it
allows you to add your own custom ports, and in one list allows you to
quickly check/uncheck the ports that are already listening in your
system. It works the other way around as well, installing a new system
assumes that you want that system to listen for a connection, and
opens the port in the firewall for you. Risky? Well, you should read
the description of the program you are installing before you actually
install it. I like the Debian approach, but I see a problem with
newcomers. There is no easy fix that satisfies both worlds. But the MacOS X
approach is very intuitive.

> As an aside, another interesting notion, I think, was released with SuSE
> 10.1: AppArmor.  The idea is to restrict programs, rather than users.
> Effectively, you create access lists of what a particular program is
> allowed to access.  Much the same deal as chroot, but with far less
> hassle.  (Since you don't actually have to copy it all into a single path)

Another SELinux-like implementation? SELinux is already part of the
kernel. I say join forces with Fedora and have SELinux installed the
right way. With the right GUI to manage the thing and the right
policies in place for the "supported" apps.

> The trick is to maintain effective security without it becoming too much
> of a burden.  The human component is the biggest factor.

Without the human component, software development would be very dull.
All apps would work, have no bugs, and never ever have security issues
of any kind. Where's the fun in that?

-- 
----)(-----
Luis Mondesi
*NIX Guru

Kiskeyix.org

"We think basically you watch television to turn your brain off, and
you work on your computer when you want to turn your brain on" --
Steve Jobs in an interview for MacWorld Magazine 2004-Feb

No .doc: http://www.gnu.org/philosophy/no-word-attachments.es.html



