sudo without password

Derek Broughton news at pointerstop.ca
Mon Jun 12 13:19:31 UTC 2006


Alan McKinnon wrote:

> I'm of the opinion that writing a firewall gui is relatively easy, but
> writing one that users can use is considerably more difficult. The
> obvious choice to you and I is "Block imap (y/n)?" and it makes
> perfect sense to us. Aunt Tillie could probably grok this too if she
> felt like studying it, but by and large she doesn't. What does happen
> is she gets confuddled by "imap" and then wonders what to do (or
> makes the snap decision we least want her to make).

Even if it was "block mail" (or separate options for sending and receiving)
it would be too difficult for the average user.
> 
> A better scheme is to alert Aunt Tillie that kmail is trying to open a
> connection to a remote machine and it wants to talk to port 25.
> Auntie knows this OK as she just clicked send in kmail, and is in a
> position to safely say "OK".
> 
> This is a significant shift from the usual ip address/protocol/port
> model for firewalling, but is probably better for the user profile
> we'll have when we made inroads into bug #1.

I agree.  This is what ZoneAlarm does in Windows, and I think it's the
correct model (regardless of whether ZA is actually a good firewall).  The
problem comes with how (& who) the firewall program asks when servers try
to access the net.
> 
>> One thing I haven't seen for Linux is something like ZoneAlarm,

Oh look - some mysterious "ubuntu" said that :-)

>> that would bring up a dialog when something tries to make outgoing
>> connections for filtering as well.  At this point, it isn't nearly
>> as big of an issue, since Linux has far fewer malware issues than
>> Windows.

I suppose it depends how you look at it.  My office-mate, a very capable
geek, just got root-kitted.  He was running without a firewall (at a
university)!  Everybody who runs servers needs to run a firewall.  Aunt
Tillie may not need one if she's got no server ports open and likely a NAT
router between her and the Internet, anyway, but once you start opening
ports just to connect the two computers on your desk, you're in trouble.
-- 
derek




