Page 6 of 10 FirstFirst ... 45678 ... LastLast
Results 51 to 60 of 98

Thread: Canonical Developer Criticizes Linux Mint's Security

  1. #51
    Join Date
    Mar 2008
    Posts
    575

    Default

    I don't give a fuck of any of the bullshit that I'm reading. The only thing I know is that my server in production with Ubuntu 12.04 got fucked up from this Linux kernel exploit once an hacker got into a shitty Joomla installation: http://blog.zx2c4.com/749

  2. #52
    Join Date
    Sep 2012
    Posts
    750

    Default

    Quote Originally Posted by FLHerne View Post
    Because it allows random people to anonymously perform far more actions than they can if not logged in, and there only needs to be one badly-thought-out interaction between two permitted actions to give them full access.
    Well, "people that have physical access" != "random people", and if your OS has obvious permission escalation breaches, I'm not sure you can trust it anyway.

    Also, there only need one security breach in your browser for allowing remote code execution, so by that reasoning, any system with a browser is a compromised system.

  3. #53
    Join Date
    Jan 2011
    Posts
    1,287

    Default

    Quote Originally Posted by Goddard View Post
    Saying DistroWatch is a bad source is just like when my teachers would say Wikipedia is a bad source. It always felt like a discrediting statement especially when I would write papers sourcing the material, but say it came from an encyclopedia. In other words it may not be as good as getting a piece of software on every single Linux system reporting which distro they are using, but it is as good as it gets.
    Do you visit DistroWatch and click on your distro periodically? Because I don't know of a single individual that does. That's why it is not representative. DistroWatch is useful to read about distros. Usually, you already know what's in there for your distribution, and you'd only enter to compare a few if you want to switch. So, neither bounds one user to one distro (and the common case is that one user uses only one distro) nor to the distro he or she uses.

    Quote Originally Posted by prodigy_ View Post
    Yes, it's a pure coincidence that the most popular distros are on top of the list.
    Yes, it is. Well, not a complete coincidence, as what it measures is curiosity about such distributions, but yeah, it has nothing to do with the number of users.



    On the Mint issue, with information I've found on this thread I changed my mind. I thought this was a serious problem in general, because it sounds like they don't dispatch the updates, not like they are optional. If the user knows what he/she's doing, Mint is as secure as their upstream, Ubuntu, is. It is not so moron friendly as Ubuntu, though, having the user to think about the updates.

  4. #54
    Join Date
    Sep 2012
    Posts
    287

    Default

    Quote Originally Posted by dee. View Post
    All updates require root permíssions (unlike in Ubuntu)
    Ubuntu requires super user permissions to install updates. Ubuntu doesn't have a root account by default.

  5. #55
    Join Date
    Jan 2013
    Posts
    142

    Default

    Quote Originally Posted by NothingMuchHereToSay View Post
    I'm looking through this thread and obviously there's waaaaaay too many Linux diehards in here. Are you people trying justify your delusions by saying that wikipedia has a long lasting bug that makes Canonical's Ubuntu more popular than your favorite distro? From the eyes of an outsider that joined Linux because of Ubuntu back in 2008, I have to wonder how you people are completely missing the point when it comes to marketing.
    Are you suggesting that Ubuntu really has 50x more users than any other distro, and that twice as many people use tiny distros than the combined userbases of all well-known distros including Ubuntu?
    Because that's what those WP stats say, and your dismissal is based on the premise that they're accurate.

  6. #56
    Join Date
    Mar 2011
    Posts
    384

    Default

    Quote Originally Posted by Pajn View Post
    Ubuntu requires super user permissions to install updates. Ubuntu doesn't have a root account by default.
    There is no such thing as a super user. If you mean the command su: That stands for "switch user" and switches to root by default (but you can use it to switch to any user).
    Do you mean you need root permissions? If so: Are you required to enter your root password? Or is there no password at all? Or do you have root privileges all the time? If you say no to the first and/or yes to the second/third question Ubuntu is a very insecure distro.

    BTW: All that questions are serious, I never used Ubuntu for myself.

  7. #57
    Join Date
    Jul 2008
    Location
    Berlin, Germany
    Posts
    835

    Default

    Quote Originally Posted by FLHerne View Post
    Are you suggesting that Ubuntu really has 50x more users than any other distro, and that twice as many people use tiny distros than the combined userbases of all well-known distros including Ubuntu?
    Because that's what those WP stats say, and your dismissal is based on the premise that they're accurate.
    For reference: These are the numbers from Wikimedia (mostly Wikipedia visitors) http://stats.wikimedia.org/wikimedia...ingSystems.htm

    I think Wikimedia can accurately detect Ubuntu. They probably cannot accurately detect other distros besides Android, and those hide in the "Linux Other", which lumps together the various desktop and mobile distros. Let's make an uneducated guess that there is a 50/50 split between desktop (ChromeOS etc.) and mobile (Maemo/Meego, WebOS, OpenEmbedded etc.) in "Linux Other". This means that Ubuntu has maybe 50% share of the desktop market, which kind of agrees with other available numbers.

    For the cloud market, on Amazon EC2, we have Ubuntu at around 52% share, along with a generic 25% "Linux" lump: http://thecloudmarket.com/stats#/totals

    An older survey was done as part of Linux.conf.au 2010, a conference for Linux professionals, and it showed Ubuntu at 69.3%, twice as much as the next distro Debian, which was used by 35.5% (multiple distros could be named by respondents).

    I think it is plausible that Ubuntu runs on more than half and less than two thirds of all non-mobile Linux computers. Not 50x more share for sure.

  8. #58
    Join Date
    Jul 2008
    Location
    Berlin, Germany
    Posts
    835

    Default

    Quote Originally Posted by TAXI View Post
    Are you required to enter your root password? Or is there no password at all? Or do you have root privileges all the time? If you say no to the first and/or yes to the second/third question Ubuntu is a very insecure distro.
    Ubuntu uses the sudo mechanism. If the user is in the admin group, he can use the sudo command to run tasks with superuser privileges. Ubuntu will ask for the user's password then.

    There is no password for the root account set by default. Before you can use the root account, you need to set a password (but it is not necessary as described above).

  9. #59
    Join Date
    May 2013
    Posts
    570

    Default Apparmor is still in repo, you will notice this if you are USING it

    Quote Originally Posted by monraaf View Post
    The update defaults in Mint made me leery. Finding that they remove AppArmor for no good reason meant it was not going to be my main OS.

    Mint favors useability/appearance over everything. Not that I fault them but it shouldn't surprise anyone that Mint isn't an Enterprise OS.

    Ubuntu on the other hand claims to be an Enterprise OS and doesn't backport all security patches. Care to explain this Mr. Shuttleworth?
    Since Mint uses Ubuntu Repos, Apparmor is still in repo. In Ubuntu by default, Apparmor is disabled for the browser, the single most important place to use it! Since I use a custom Firefox profile with Apparmor, I would notice a missing /etc/apparmor/d directory very quickly and fetch the package after a new install from a Mint installer. If I am setting up a machine for someone else, I cannot use that Apparmor profile anyway as people would wonder why all the restrictions. I use the Apparmor profile as part of a layered defense to make CIPAV-type policeware harder to push to my machines used for activist work, it's not necessary for most users. If something REALLY counts I am going to use Tails, a specialized Tor-based security distro that runs from an immutable live image.

    Mint does not claim to be a specialized security distro, Tails it is not and need not be. Webservers are another specialized use, requiring maximum security. Since Mint differs from Ubuntu mostly in the DE, why would anyone need a "mintserver" installer anyway?

  10. #60
    Join Date
    Feb 2010
    Posts
    39

    Default

    Quote Originally Posted by Mike Frett View Post
    The truth is, if you are using anything other than a main distro and are focused on security; you're using the wrong distro. Things like Mint are for experimentation and hobby purposes.
    Again, the only difference between Ubuntu and Mint Updates is the _default_ setting of Mint to not update things like Xorg and Kernel (level 4 and 5 updates). Enable the Level 4 and 5 Updates (by Mouseclick) and from now on you have the exact same update behavior just like Ubuntu...

    It might be a good idea to point Ubuntu -> Mint changers to this difference in default setting (so they can decide how conservative they want to be), but thats all, why this whole drama about it?
    ...And WTF took that Canonical guy to pretend that Mint (not talking about LMDE by the way) does not get Browser updates at the same time as Ubuntu

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •