Discussion on:
No more Ubuntu on Dell in the United Kingdom

View entire thread
Message 27 of 157
Next » « Prev
0 Votes
+ -
I will give you my take
on Ubuntu security.
The debate stems from the rampant use Ubuntu makes of the sudo command, it prompts you with a "run as administrator" option when access is needed, but it wants the current users password, not the root/administrator password. Ubuntu gives the first user created, during install, nearly complete root powers (they have to sudo to gain access). A single compromised password, for a normal daily user can compromise the entire machine. Subsequent users do not have full sudo privileges. (This is in Ubuntu 6.06 ie the stable version I will have to double check this in 7.04 and 7.10) Sudo can be restricted, and controlled, so that one user may only have sudo rights to mount hard drives, or update software, or just update the apt-cache. But managing sudo is an irritation, as once you limit the abilities, you have to explicitly state all commands you will allow. Sudo was originally intended for allowing limited access to one or two scripts/services that needed more then standard user privileges.
http://www.softpanorama.org/Access_control/sudo.shtml
Has a good over view of pros and cons.
Debian, the Ubuntu base, asks you for the root (administrator)password if you need access to root powers, this is the basic Linux method. The two password system used by 99.9% of *.nix systems is generally considered safer (and I agree with this mode of thought, see the cons in the listed article for sudo). And the su (run as)command exists in all Linux systems to allow you to gain root access if needed (using the root password).
MY problem with the Ubuntu security lies in its complete lack of a firewall and several unwanted services running by default. The firewall can be taken care of by straight command line (ACK! not for me yet, I am working on it though) or any of several gui tools to create the rule base for ipchains. The unwanted services (example a bittorrent service is enabled by default) can be turned off with the Services tab in administration, but this list is incomplete, thus requiring another option. The ncurses rcconf or the GUI tool BUM(boot up manager) are both in the synaptic gui or the apt-cache.
To Recap:
1) A single password allows the initial (most likely to be used) account administrator privileges on the machine through the use of their password.
2) No firewall at all by default.
3) Several unwanted and exploitable services are enabled by default.

If you are network savy, but not so much linux savy Bastille is a good package to help lock down a linux box. It is in the apt network for all Debian off-shoots, Gentoo has it, and I imagine all other major distros do as well.

All this being said, Ubuntu is still safer after a clean install then XP SP2. but its only half as secure as say a default Red Hat or Suse install. But then if you are really paranoid about security you would be running a BSD anyway...

Ubuntu is part of the security vs usability trade off in security, attempting to let people get their feet wet with Linux. ubuntu has vered to the side of improved usability
Posted by Dumphrey
7th Nov 2007

Keep Up with TechRepublic

Discover more newsletters

Follow us however you choose!

Media Gallery

View All

Hot Discussions

Start a Discussion
View All

Hot Questions

Ask a Question