Active Topics
-
Porting apps to Leste (32)
to Maemo 7 / Leste by Arno_11 - 34 mins ago -
[ANNOUNCE] CSSU-thumb thread - stable Thumb2 on N900 (2,264)
to Maemo 5 / Fremantle by panjgoori - 1 day, 18 hrs ago -
Full linux distros on Sailfish OS (254)
to SailfishOS by qoh - 2 days, 16 hrs ago - more...
|
2008-04-17
, 13:36
|
|
Posts: 66 |
Thanked: 17 times |
Joined on Apr 2008
|
#52
|
Originally Posted by Navi
The first part of this is a much better answer than anything else in the thread, *except* I thought someone who seemed to know what they were talking about had already said that was easily arranged when AppMgr runs? If the above is really the answer, then I'm startled that people have presented some of the arguments they have when this one was available, especially as some as the posters obviously have developer level knowledge of the platform. And I would be very narked indeed at Nokia for not providing a discussion of the risks and benefits of root mode in the user guide, if you're right. Of course I'm already narked at them for not discussing security at all other then the previously quoted one sentence "You're screwed" warning.
The viruses that do exist can't do any real damage unless executed by the user as root, and the keyloggers that are available on the net are extremely hard to get working.
Otoh, even leaving keyloggers aside - which I suspect we shouldn't - there's still the question of file snooping.
Last edited by meanwhile; 2008-04-17 at 13:38.
|
|
2008-04-17
, 13:48
|
|
Posts: 66 |
Thanked: 17 times |
Joined on Apr 2008
|
#53
|
Regarding Navi's argument, Nokia
say the following, which seems to be relevant:
"Instead of a multi-user system such as a traditional Linux desktop, maemo is considered a single user desktop system. The security model in maemo is focused on protecting
the user from remote attacks and from his/herself, not from other users. Maemo also uses suid root binaries and /etc/password where as Ubuntu enforces the use of sudo
and shadow passwords.
Unlike Ubuntu, maemo makes use of a root account like Debian does but has a trivial default password. The user should really change the root password before installing
e.g. OpenSSH to the device with root login."
So in fact, rather than there being the defense that Navi imagines, it seems that a rogue application could easily become root on most NITs - assuming that the platform has managed to sell reasonably well to people who aren't Debian developers.
say the following, which seems to be relevant:
"Instead of a multi-user system such as a traditional Linux desktop, maemo is considered a single user desktop system. The security model in maemo is focused on protecting
the user from remote attacks and from his/herself, not from other users. Maemo also uses suid root binaries and /etc/password where as Ubuntu enforces the use of sudo
and shadow passwords.
Unlike Ubuntu, maemo makes use of a root account like Debian does but has a trivial default password. The user should really change the root password before installing
e.g. OpenSSH to the device with root login."
So in fact, rather than there being the defense that Navi imagines, it seems that a rogue application could easily become root on most NITs - assuming that the platform has managed to sell reasonably well to people who aren't Debian developers.
 |
|
2008-04-17
, 16:47
|
|
Posts: 4,930 |
Thanked: 2,272 times |
Joined on Oct 2007
|
#54
|
Of course a "rogue app" can become root; same as on Ubuntu, Debian or pretty much anything else, after deceiving the sysadmin into installing it. If your sysadmin installs trojans, you're screwed, oddly enough. But a trivial default password has nothing to do with it, because root logins, su, or any other method of directly accessing root is not possible by default; that's why they warn you in case of installing something which permits root login.
But you will note that Navi said "viruses", and you're talking about trojans (AKA rogue apps, I guess). A virus must be run as root, or in an suid-root binary to infect system-wide binaries; you'd then have to distribute those infected binaries to another system where they'd have to be run as root or suid root to spread farther...
A key logger seems not worth worrying about; what would you do with a key logger you couldn't do easier otherwise? (Say, a tweaked version of the input methods, where instead of just going to *s in password fields, also uploads them + some information about the foreground app, and maybe things that look like credit card numbers, too.)
But you will note that Navi said "viruses", and you're talking about trojans (AKA rogue apps, I guess). A virus must be run as root, or in an suid-root binary to infect system-wide binaries; you'd then have to distribute those infected binaries to another system where they'd have to be run as root or suid root to spread farther...
A key logger seems not worth worrying about; what would you do with a key logger you couldn't do easier otherwise? (Say, a tweaked version of the input methods, where instead of just going to *s in password fields, also uploads them + some information about the foreground app, and maybe things that look like credit card numbers, too.)
|
|
2008-04-18
, 15:31
|
|
Posts: 66 |
Thanked: 17 times |
Joined on Apr 2008
|
#55
|
Originally Posted by tabletrat
The typical windows firewall doesn't provide finegrained programmatic access. Otoh, killing the firewall absolutely will rather be a giveaway to most users - eg because it won't be shown in the menu bar anymore.
I have several and always have had.
Almost never means GUI interaction. Anything you can control in any way, can be controlled by any other thing If you have a virus/keylogger/whatever, it is running at the same privilege level as you, so it can control your firewall as well as you can. Maybe even better because it is putting effort into it.
[Using a logically identical case] That is going to an extreme to try and prove an argument. It is nowhere near the same level of importance.
I am referring to knowing what you install on your NiT, and knowing where it came from. You can't be expected to know every line of code running, but you can be expected to know what you have installed, and know what level of trust you give that code.
(Yes, using an analogy is "extreme" - go and read Plato or take an introductory course in logic.)
|
|
2008-04-18
, 15:36
|
|
Posts: 66 |
Thanked: 17 times |
Joined on Apr 2008
|
#56
|
Originally Posted by brontide
Assuming you're talking abouut Windows: that assumes that the keylogger could get control of the browser or mail package. This cold happen as the result of a flaw in implementation of the same, but there's a difference between an obscure flaw which gets patched, and an OS which has no security at all by design. If you're talking about maemo: yes.
Of course the keylogger could just use the web or mail to export the data. A firewall is virtually useless for stopping outgoung data.
Reallistically it's not worth the time... even code that subverted 50% of the NIT's thats still less systems than code that subverted .001% of the windows boxen out there.
|
|
2008-04-18
, 15:54
|
|
Posts: 3,841 |
Thanked: 1,079 times |
Joined on Nov 2006
|
#57
|
@meanwhile: Re. your edits at wikipedia: If there's anybody doing 'vandalism' on that page it's _you_ and nobody else. Please back off.
__________________
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
N800/OS2007|N900/Maemo5
-- Metalayer-crawler delenda est.
-- Current state: Fed up with everything MeeGo.
| The Following User Says Thank You to TA-t3 For This Useful Post: | ||
|
|
2008-04-18
, 16:06
|
|
Posts: 605 |
Thanked: 137 times |
Joined on Nov 2005
@ La Rochelle, France
|
#58
|
Originally Posted by TA-t3
I fully agree with you !
@meanwhile: Re. your edits at wikipedia: If there's anybody doing 'vandalism' on that page it's _you_ and nobody else. Please back off.
 |
|
2008-04-18
, 16:12
|
|
Posts: 868 |
Thanked: 474 times |
Joined on Oct 2007
@ Capital District, NY, USA
|
#59
|
Originally Posted by meanwhile
Thanks meanwhile, I needed a good laugh today.
Even unsecured PC's are protected by information passed on from secured ones.
|
|
2008-04-18
, 16:35
|
|
Posts: 4,930 |
Thanked: 2,272 times |
Joined on Oct 2007
|
#60
|
Originally Posted by meanwhile
Please explain why UNIX is used anywhere if IPC in general and pipelines in particular is such a horrible thing? Trying to keep evil software on your system and stop it from talking to anything else is not the only way to have a secure system, and many would argue it's not even a good way, applied to the entire system. (It's more applicable to web apps, where java or flash do provide respectable security against these casually downloaded and executed apps, by limiting their access to ~everything.)
Assuming you're talking abouut Windows: that assumes that the keylogger could get control of the browser or mail package. This cold happen as the result of a flaw in implementation of the same, but there's a difference between an obscure flaw which gets patched, and an OS which has no security at all by design. If you're talking about maemo: yes.
ǝɥʇ ʇnoɥʇıʍ sɹǝsʍoɹq uo ʞɐǝɹq
llıʍ ʇı ɥƃnoɥʇ 'looɔ ʎʇʇǝɹd s,ʇı
Anyway, applying that filter would be fairly simple, and complement the image flipping nicely.