sudo without password

[ubuntu at rio.vg]

Alan McKinnon wrote:
> On Friday 09 June 2006 22:57, ubuntu at rio.vg wrote:
> 
>> That said, from using other distros, other set it up for filtering
>> incoming only.  Thus, you don't need to know what ports things use,
>> unless you're setting up server process.  Moreover, there are
>> plenty of GUI-based systems for managing iptables where you don't
>> need to know the port numbers.  If you're setting up an IMAP
>> server, you'd just check off or type in "IMAP".  For most users,
>> the firewall would be completely invisible, since they generally
>> don't need to have anything listening to the network.
> 
> I'm of the opinion that writing a firewall gui is relatively easy, but 
> writing one that users can use is considerably more difficult. The 
> obvious choice to you and I is "Block imap (y/n)?" and it makes 
> perfect sense to us. Aunt Tillie could probably grok this too if she 
> felt like studying it, but by and large she doesn't. What does happen 
> is she gets confuddled by "imap" and then wonders what to do (or 
> makes the snap decision we least want her to make).

I think you're misunderstanding me... the firewall is only set up to
block INCOMING.  Thus, even without a single port open, you can use
KMail for IMAP or SMTP or anything else.  It's completely invisible to
the average user who isn't running a server.  Aunt Tillie is just using
KMail, not running an IMAP server on her desktop, so should would never
even notice it.

By default, it's no different than Ubuntu's "Nothing is listening".
However, should something be installed that DOES listen, either through
misconfiguration, ignorance, or malice, the firewall is there to prevent it.

> A better scheme is to alert Aunt Tillie that kmail is trying to open a 
> connection to a remote machine and it wants to talk to port 25. 
> Auntie knows this OK as she just clicked send in kmail, and is in a 
> position to safely say "OK".

This would be the ZoneAlarm style, which Linux really lacks, unfortunately.

> I think the Debian point of view is rooted in the idea that a 
> knowledgeable user has one eye on netstat and logs at all times, so 
> it's probably a safe approach. As you say, not the ideal POV for a 
> workstation for the masses

Precisely.  As Ubuntu targets the masses more and more, I think a change
of thinking in this area is warranted.

> Sounds like a neat solution, a good middle point if you don't need the 
> full complexity of SELinux for instance. What impact does it have on 
> performance though? And how easy is it to set the profile for an app 
> too restrictive so that using it becomes a pita? - the downside to 
> almost any security solution is always that if it becomes too much of 
> a hassle to use, users can be counted on to find a way to switch it 
> off

So far, I haven't run into a single issue with AppArmor.  The base SuSE
installation of it even includes an AppArmor profile for FireFox, and I
haven't had a single problem, even after upgrading FireFox.  I haven't
exhaustively gone through the permissions, so perhaps they are simply
quite lenient, but so far it's been entirely seamless.  I wholeheartedly
recommend Ubuntu look into it for the next release.

One of Linux's great advantages is bundling.  Unlike Microsoft, Linux
distro's can set up the entire kitchen sink ahead of time
configuration-wise.  If a ZoneAlarm-like app were written for Linux, all
the standard programs that came with the distribution could be properly
flagged ahead of time, so it would only bug the user for apps that were
installed later.