mac_v, You raised very interesting point that the possibility of applications asking the user for root access without proving themselves as real system applications is a security risk. However I do not think the orage icon can solve this problem. It is true that a malicious application can fake the update-manager window. But a malicious application can also fake the orange icon or whatever notification approach we choose, as you are assuming that the "virus" is already running application under user privileges.
I believe that Vincenzo gave an interesting solution below. It is worth some thought from the developers. But it is a different issue. Paulo Em Ter, 2009-06-16 às 12:00 +0200, Vincenzo Ciancia escreveu: > On 16/06/2009 mac_v wrote: > > In no way the system should decide what windows it can open... > > If this is allowed it is only a matter of time before someone > > develops a > > worm which uses this behavior and pops-up a window similar to the > > update > > manager which also asks for the user password allowing the worm to > > take > > control of the system using this password info. > > *Is ubuntu only going to realize this security risk after someone* > > *develops a proof of concept worm or a real virus* ? > > If this is done linux will no longer be THE secure OS. > > All windows in the window list should only be triggered by the user, > > all > > other system process should only trigger a notification. > > > Do you think it is easy to design a webpage that simulates such a > "password fraud"? I see a difficulty here due to having to dim the whole > screen to look like the standard password request, not that an user > would not enter it in any kind of pop-up. > > On the other hand, I have an idea for a secure way to ask for user > input. In the installer, the user choses her own password, and the > "secret phrase" which will be written in a root-only accessible file. > This sentece will be shown to the user by the system when a password is > asked and will autenticate the system with the user. The user should > then be instructed not to enter his own password unless the right phrase > is seen. A random phrase may be suggested automatically from a huge list. > > Vincenzo > -- Paulo José da Silva e Silva Professor Associado, Dep. de Ciência da Computação (Associate Professor, Computer Science Dept.) Universidade de São Paulo - Brazil e-mail: pjssi...@ime.usp.br Web: http://www.ime.usp.br/~pjssilva Teoria é o que não entendemos o (Theory is something we don't) suficiente para chamar de prática. (understand well enough to call practice) _______________________________________________ Mailing list: https://launchpad.net/~ayatana Post to : ayatana@lists.launchpad.net Unsubscribe : https://launchpad.net/~ayatana More help : https://help.launchpad.net/ListHelp
