update manager no longer asking for password in 11.10

macgyver macgyver at calibre-solutions.co.uk
Thu Oct 20 10:07:56 UTC 2011


On Thu, 20 Oct 2011 10:31:19 +0100, Alan Pope <alan at popey.com> wrote:
> On 20 October 2011 10:22, Ants Pants <antsmailinglist at gmail.com> wrote:
>> The fact that my root system is open to an application (that installs
>> software on my system) without my permission, I consider to be an open
>> system. No?!
>>
> 
> An application which is running as you, an admin who is sat at the
> computer at the time, is able to update software that is already
> installed. It can't install additional software. It can't do this as
> anyone else (unless they're admins and sat at the machine).
> 
> I fail to see the security hole, especially given you're sat at the
> machine and it's unlocked, so most would argue that 'all bets are off'
> in terms of security.
> 
> Al.

1) It's listed as a confirmed bug. 

2) why ..
a) Is there a fundamental flaw in authentication processes in a new version
of software ? (i.e. 11.10 over 11.04)
Answer - we as a general populace don't know - so question needs asking.

b) If someone is silly enough to walk away from their machine and not lock
it, game over for their data - but Linux is not designed as a single user
system - there may be other users on that system - they need as much
protection as possible.

So - having the update manager process ask for a password to elevate its
privileges to actually do the install is a Good Thing (tm)
Sure as hell beats a process running as a user that has admin privileges by
default - if Ubuntu want to go that way, it's going back to the not so
wonderful days of Windows, and having all users having LocalAdmin rights,
and applications *requiring* that before they would work - Not a security
model that would want to be emulated.

It would also have moved the "don't log on as root" mantra to the "you
can't log on as root, but don't log on as the first user/user with sudo
rights to do normal work, instead create a 3rd user, with no rights, and
log on as that"

That is getting a little silly, surely ?


Note, I've not tried 11.10 to test this "feature" out - and unlikely to in
the "default" flavour, as my experience with Unity on 11.04 made me want to
run away screaming.
(Hell - it actually made me want to go back to using IBM DOS 4.00 and
Wordstar 6, as they had a preferable interface - then I remembered I have a
MacBook)

Question could be - is this a "feature" of a Unity based system only, or is
it in *all* flavours - Kubuntu/Xubuntu etc??



