Originally posted by torsionbar28
View Post
Announcement
Collapse
No announcement yet.
Ubuntu 21.04 Will Finally Stop Making New Home Directories World-Readable
Collapse
X
-
- Likes 1
-
-
Originally posted by oiaohm View Post
This is not 100 percent true. The Linux kernel has had means to implement different forms of SAK just the distributions have not been. There is a reason not really to bother implementing SAK it was being stuck with X11 were even if the login screen was real you could be screwed over by X11 itself. Key logging on the display manager or screen saver screen is absolutely possible with X11 protocol.
Comment
-
It do exists, and at least for Debian systems, is enabled by default. The thing is that usually on Debian, it requires another key to use it (in this particular case is ALT... Ex. ALT+SysRQ+another key). Ubuntu is still targeted to "normal desktop users" and that's mean, "1 user = 1 PC" so certain features were enabled/disabled for them.Last edited by stargeizer; 13 January 2021, 02:06 PM.
- Likes 1
Comment
-
Originally posted by uid313 View PostAnother area where Windows has long been more secure than Linux.
Another area is that Linux still does not support Secure Attention Key (SAK). On Windows when you press Ctrl+Alt+Del to login you now the authentication prompt is real, when you login on Linux you never know if the authentication prompt is real or spoofed to steal your credentials.
Everybody should know that they have to think about their /home/* directory policy in any multiuser system, especially if using Debian or Ubuntu.
The 755 default was to lax and it is great to see that changing (hopefully on Debian too). Updating to 750 (with user:user ownership) is probably the best compromise for general purpose desktops and servers.
- Likes 1
Comment
-
Originally posted by uid313 View PostAnother area where Windows has long been more secure than Linux.
Another area is that Linux still does not support Secure Attention Key (SAK). On Windows when you press Ctrl+Alt+Del to login you now the authentication prompt is real, when you login on Linux you never know if the authentication prompt is real or spoofed to steal your credentials.
- Likes 2
Comment
-
Originally posted by jo-erlend View Post
On Windows and Linux, you can just reboot to bypass security credentials altogether. That's why Ubuntu hasn't had any security against people who are allowed to reboot.
Comment
-
Originally posted by mppix View Post
If anything, this has been a privacy rather than a security issue. Then, claiming that Win does either one better is quite a statement.
Everybody should know that they have to think about their /home/* directory policy in any multiuser system, especially if using Debian or Ubuntu.
The 755 default was to lax and it is great to see that changing (hopefully on Debian too). Updating to 750 (with user:user ownership) is probably the best compromise for general purpose desktops and servers.
Comment
-
Comment