Vote for new Ubuntu Feature---Let's try it again --- and without getting all religious about it

Jeffrey F. Bloss jbloss at tampabay.rr.com
Thu Jan 11 23:11:16 UTC 2007


Derek Broughton wrote:

> >> Don't be silly - applications _do_ do this, and as Chanchao says it
> >> isn't Unix blasphemy.
> > 
> > Yes, and if you read back through the thread I thought I'd made this
> > clear when I stated quite plainly that there's two avenues of
> > attack to this "problem"... either neutering the Linux/Unix
> > security model, or convincing every Tom, Dick, And Harry software
> > author to rewrite their wares in a compliant and *secure* way. Like
> > I said, it's not gonna happen in our lifetime or likely any other.
> 
> But right here, Chanchao just asked for it to be done on a
> per-application basis, and you told him that he was castrating the
> unix security model. His suggestion most certainly does not.

It absolutely does! Software authors changing permissions mid-stream is
a dire security problem. And other applications do NOT do this. The
Linux kernel won't permit it except in the most unusual of
circumstances, if at all. If you examine the few examples where people
are being tricked into thinking it happens you'll find that they're
all exec-ing new processes with admin privilege. "Update Manager" execs
a command shell for instance.

This is a completely different thing than Gedit elevating its own
permissions so it can save a file. It's even completely different than
Gedit automatically spawning a shell and passing user modified files in
some fashion. The data being handled is completely different, and if
everyone started doing it it would shortly become a disaster.

> 
> > That said, even if the "Tom/Dick/Harry" solution were logistically
> > feasible it's a monster of a security nightmare in itself. Do *you*
> > trust any and every software author on the planet to properly
> > implement the authentication and execution of administrative rights,
> 
> Again, you don't have to.  If, in the particular example Chanchao
> used, the file was written to a temp file, then copied to the
> original location, gedit would need to invoke "sudo cp".  The user

You can do that yourself with a script. Or manually. There's no need
for any software authors to be involved, the tools are right there in
front of you. I'm not real familiar with Gedit, but I'm pretty sure
I could do this with a vim script in about a minute. Again, that's why
Linux is considered generally more secure in this respect than some
other choices as long as the administrator is competent enough to keep
it that way. :)

> would have to _have_ sudo rights - at least to cp.  If the user does,
> then where is this any more of a security nightmare than the current
> system.
> 
> > I don't think Gedit needs, or should be allowed to do anything like
> > this. There's already several perfectly functional ways to give
> > Gedit the privilege it needs to do what the OP wants. Users need to
> > learn to use them, not suggest the reinventing of a broken wheel.
>  
> If the wheel's broken, it should certainly be redesigned.  I don't
> think it is, but let's argue about it on its merits rather than
> dismissing ostensibly reasonable suggestions as emasculation.

That's the point. It's not broken but some people want to replace it
with something that is.

Nobody has yet explained to me what the problem is with simply using
your brain for something besides keeping your skull from caving in, and
thinking about what you're doing for the .32 seconds it takes to
realize you're opening something in read only mode. Are users becoming
so GUI-ified by bright colors and flashing icons this seems like some
sort of problem?? *sigh*  

I gotta tell you that just depresses the hell out of me because it
means to keep market share the better distributions will have to dumb
down to some lowest common denominator. But just in the nick of time, 
here's a free clue that might help stave off the ruination of Linux. ;)
If it doesn't reside in your $HOME you probably don't have permission to
change it...

Now is that really so hard to remember?

-- 
     _?_      Outside of a dog, a book is a man's best friend.
    (o o)         Inside of a dog, it's too dark to read.
-oOO-(_)--OOo-------------------------------[ Groucho Marx ]--
    grok!              Registered Linux user #402208
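
The "write to a temp file, then `sudo cp`" workflow discussed in this message, sketched as an added example that is not part of the original post or of gedit or vim. The function name `edit_as_root` and the `PRIV_CP` override are hypothetical; the point is that the editor never runs privileged and only the final copy does.

```sh
#!/bin/sh
# Added example: edit an unprivileged copy, then install it with one
# separate privileged cp. edit_as_root and PRIV_CP are illustrative names.
#
#   EDITOR   editor to run with the user's own privileges (default: vi)
#   PRIV_CP  command used for the privileged copy (default: "sudo cp")
#
# Returns 0 if the file was updated, 1 if nothing changed, 2 on error.
edit_as_root() {
    target=$1
    [ -f "$target" ] || { echo "no such file: $target" >&2; return 2; }

    # mktemp creates the file with mode 0600 and an unpredictable name,
    # so other local users cannot pre-create or read the working copy.
    tmp=$(mktemp "${TMPDIR:-/tmp}/edit.XXXXXX") || return 2

    # Reading needs no privilege as long as the file is world-readable.
    cat "$target" > "$tmp" || { rm -f "$tmp"; return 2; }

    # The editor, its plugins and anything it spawns run unprivileged.
    ${EDITOR:-vi} "$tmp" || { rm -f "$tmp"; return 2; }

    # No change means no privileged step at all.
    if cmp -s "$tmp" "$target"; then
        rm -f "$tmp"
        return 1
    fi

    # The only privileged action. cp into an existing file rewrites its
    # contents in place, so the target keeps its owner and mode.
    ${PRIV_CP:-sudo cp} "$tmp" "$target"
    status=$?
    rm -f "$tmp"
    return $status
}
```

With the defaults, `edit_as_root /etc/hosts` prompts for the sudo password only when the file actually changed, and the user still needs sudo rights to `cp`. `sudo -e` (sudoedit) implements the same edit-a-copy pattern.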