sudo without password

Alan McKinnon alan at linuxholdings.co.za
Sat Jun 10 21:22:56 UTC 2006


On Friday 09 June 2006 22:57, ubuntu at rio.vg wrote:

> That said, from using other distros, others set it up for filtering
> incoming only.  Thus, you don't need to know what ports things use,
> unless you're setting up a server process.  Moreover, there are
> plenty of GUI-based systems for managing iptables where you don't
> need to know the port numbers.  If you're setting up an IMAP
> server, you'd just check off or type in "IMAP".  For most users,
> the firewall would be completely invisible, since they generally
> don't need to have anything listening to the network.

I'm of the opinion that writing a firewall GUI is relatively easy, but 
writing one that users can use is considerably more difficult. The 
obvious choice to you and me is "Block imap (y/n)?" and it makes 
perfect sense to us. Aunt Tillie could probably grok this too if she 
felt like studying it, but by and large she doesn't. What does happen 
is she gets confuddled by "imap" and then wonders what to do (or 
makes the snap decision we least want her to make).

A better scheme is to alert Aunt Tillie that kmail is trying to open a 
connection to a remote machine and it wants to talk to port 25. 
Auntie knows this OK as she just clicked send in kmail, and is in a 
position to safely say "OK".

This is a significant shift from the usual ip address/protocol/port 
model for firewalling, but is probably better for the user profile 
we'll have when we've made inroads into bug #1.

> One thing I haven't seen for Linux is something like ZoneAlarm,
> that would bring up a dialog when something tries to make outgoing
> connections for filtering as well.  At this point, it isn't nearly
> as big of an issue, since Linux has far fewer malware issues than
> Windows.

I see we are thinking along similar lines.

> Obviously, that wouldn't work for a server, but as Linux desktops
> become more common, malware designed to attack Linux will start to
> spread. This is what I really worry about with the old-style Debian
> approach. It assumes that malware won't get onto the machine.  As
> we look to the future, I think this is going to be a problem at
> some point.

I think the Debian point of view is rooted in the idea that a 
knowledgeable user has one eye on netstat and logs at all times, so 
it's probably a safe approach. As you say, not the ideal POV for a 
workstation for the masses.



> AppArmor isn't really related to network activity or firewalling. 
> It's more of an alternative to chroot, as I understand it.  I've
> been reading a bit about it, but I haven't had a chance to design
> my own configs for it.
[snip]
> It's not something for the average user, but fairly straightforward
> for administrators, should they need to edit it.

Sounds like a neat solution, a good middle point if you don't need the 
full complexity of SELinux for instance. What impact does it have on 
performance though? And how easy is it to set the profile for an app 
too restrictive so that using it becomes a pita? - the downside to 
almost any security solution is always that if it becomes too much of 
a hassle to use, users can be counted on to find a way to switch it 
off.

-- 
If only me, you and dead people understand hex, 
how many people understand hex?

Alan McKinnon
alan at linuxholdings dot co dot za
+27 82, double three seven, one nine three five



