Ubuntu 21.04 Will Finally Stop Making New Home Directories World-Readable

  • #11
    Originally posted by torsionbar28
    Not to mention that most Linux logins are via SSH and not the local console. We've got hundreds of Linux servers at work, I cannot remember the last time I used a local console on any of them. This SAK seems like more of a theoretical problem anyways, not one that anyone experiences in the wild.
    For server usage it's not an issue. But to increase desktop market share, at some point it has to be done for the requirements of secure desktops. Of course, with the X11 protocol being a train wreck, there was very little reason to do SAK, as it is fairly much lipstick on a pig with X11 doing the desktop.


    • #12
      Knowing Ubuntu...

      <sarcasm===on>
      So they implemented a new systemd module for this with the requirement of a YAML configuration file that compiles to TypeScript that needs to be re-compiled to wasm?
      <sarcasm===off>


      • #13
        Originally posted by uid313
        Another area where Windows has long been more secure than Linux.
        You mean more secure than Ubuntu? 'Cause some other distros already had this feature enabled. Please don't spread misinformation.


        • #14
          Originally posted by oiaohm
          This is not 100 percent true. The Linux kernel has had means to implement different forms of SAK; it's just that the distributions have not been. There is a reason not to really bother implementing SAK: it was being stuck with X11, where even if the login screen was real you could be screwed over by X11 itself. Key logging on the display manager or screen saver screen is absolutely possible with the X11 protocol.
          So basically the feature theoretically exists in the kernel, but no distribution has ever used it, and no system in production ever had it enabled.


          • #15
            It does exist, and at least for Debian systems, it is enabled by default. The thing is that usually on Debian, it requires another key to use it (in this particular case it is ALT... e.g. ALT+SysRq+another key). Ubuntu is still targeted at "normal desktop users" and that means "1 user = 1 PC", so certain features were enabled/disabled for them.
            Last edited by stargeizer; 13 January 2021, 02:06 PM.


            • #16
              Originally posted by uid313
              Another area where Windows has long been more secure than Linux.
              Another area is that Linux still does not support Secure Attention Key (SAK). On Windows when you press Ctrl+Alt+Del to log in you know the authentication prompt is real; when you log in on Linux you never know if the authentication prompt is real or spoofed to steal your credentials.
              If anything, this has been a privacy rather than a security issue. Then, claiming that Win does either one better is quite a statement.

              Everybody should know that they have to think about their /home/* directory policy in any multiuser system, especially if using Debian or Ubuntu.
              The 755 default was too lax and it is great to see that changing (hopefully on Debian too). Updating to 750 (with user:user ownership) is probably the best compromise for general purpose desktops and servers.

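Added example (not part of any post in this thread): a POSIX shell audit for the home-directory modes discussed in #16. It lists directories whose mode still grants any permission to "other" (such as 755) and passes those at 750 or stricter. It assumes GNU `stat`; the function name `audit_homes` and the default `/home` base are illustrative.

```shell
#!/bin/sh
# Added example: report home directories that are still accessible to "other".
# Assumes GNU coreutils stat (-c '%a'); audit_homes is an illustrative name.

# audit_homes [BASE]
#   Prints "MODE PATH" for every directory directly under BASE (default /home)
#   whose octal mode ends in a non-zero digit, i.e. grants r, w or x to users
#   who are neither the owner nor in the owning group.
#   Exit status: 0 if nothing was reported, 1 if at least one directory was.
audit_homes() {
    base=${1:-/home}
    found=0
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue      # glob matched nothing
        dir=${dir%/}
        [ -L "$dir" ] && continue      # do not follow symlinked homes
        mode=$(stat -c '%a' "$dir") || continue
        case $mode in
            *0) ;;                     # 750, 700, 2770 ...: closed to "other"
            *)  printf '%s %s\n' "$mode" "$dir"
                found=1 ;;
        esac
    done
    return "$found"
}

# Usage: audit_homes /home
# Each reported path is a candidate for `chmod 750` (or 700) after checking
# that nothing legitimate, such as a web server reading ~/public_html,
# depends on the old mode.
```

The audit only covers the top-level home directory; files created earlier with a permissive umask keep their own modes, but become unreachable to other users once the parent directory denies them search (x) permission.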


              • #17
                Originally posted by uid313
                Another area where Windows has long been more secure than Linux.
                Another area is that Linux still does not support Secure Attention Key (SAK). On Windows when you press Ctrl+Alt+Del to log in you know the authentication prompt is real; when you log in on Linux you never know if the authentication prompt is real or spoofed to steal your credentials.
                On Windows and Linux, you can just reboot to bypass security credentials altogether. That's why Ubuntu hasn't had any security against people who are allowed to reboot.


                • #18
                  Originally posted by jo-erlend
                  On Windows and Linux, you can just reboot to bypass security credentials altogether. That's why Ubuntu hasn't had any security against people who are allowed to reboot.
                  No, because when you reboot on Windows you cannot access the system unless you log in.


                  • #19
                    Originally posted by mppix
                    If anything, this has been a privacy rather than a security issue. Then, claiming that Win does either one better is quite a statement.

                    Everybody should know that they have to think about their /home/* directory policy in any multiuser system, especially if using Debian or Ubuntu.
                    The 755 default was too lax and it is great to see that changing (hopefully on Debian too). Updating to 750 (with user:user ownership) is probably the best compromise for general purpose desktops and servers.
                    Oh, so that any application can spoof the login prompt to steal user credentials is a privacy issue, not a security issue. Either way, whatever you call it, Linux has this issue and Windows does not.


                    • #20
                      Originally posted by uid313
                      No, because when you reboot on Windows you cannot access the system unless you log in.
                      Unless you are using BitLocker that's not actually true; it's fairly easy to reset Windows passwords with direct access to the system, etc.
