Problems of a desktop Linux distribution GUI sudo
Elazar Leibovich
elazarl at gmail.com
Mon Jun 14 08:49:21 IDT 2010
When using my Ubuntu I used to make the following pattern, whenever an
update symbol showed up in the "taskbar" above (in gnome it's the upper
panel), I clicked on it, entered my password to sudo up the privileges of
the update process, and installed the needed packages to the machine.
Then I thought, wait a mintue, this is happening all too often! The only
security signature I trust here is the shape of the symbol on the taskbar! A
malicious program can immitate the update GUI, and lure me to leverage its
permissions very easily.
It can't be that bad, I thought, I can probably only sudo a known program.
Alas, in the latest version of Ubuntu the sudoers file says
%admin ALL=(ALL) ALL
and the default user is indeed in the admin group.
Is that really a problem (I'm probably not the only one who noticed it)? Is
it like that in other distributions?
In Windows when you're asked to leverage a permission of a program, it shows
you the digital signature of the executable asking for privileges (or at
least that's how it looks like in the dialog), which is not a very good
solution IMHO, but it's at least better than nothing.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.cs.huji.ac.il/pipermail/linux-il/attachments/20100614/b51d6963/attachment.html>
More information about the Linux-il
mailing list