2010
07.30

Please Note: This is only relevant to single-user desktop installations of Linux. The issues I will discuss here don’t apply to servers. In fact, the exact opposite applies there.

“Don’t run as root” is an oft-repeated mantra of *nix security. While I agree 100%, it matters less on the desktop than some would think, and I’d like to point out why here. I still believe you shouldn’t log in as root, but I also believe that it’s up to each user to make their own decision.

Think about the data on your computer. What matters to you? E-mail? Documents? Images? Most of us have things like family photos, financial records, personal communications, saved passwords, or other sensitive or irreplaceable data. This is what we want to protect. When I back up my desktop, I back up my home directory. I don’t back up my OS install, software, or anything else that is not private or difficult to replace. Think of this as the “important stuff.”

So, let’s talk about the important stuff. Which users have access to YOUR important stuff? Most likely, your own user and the root user. Great: not running as root eliminates one of the two users that can access your files. So which user do you run as? Your own user. So it’s pretty obvious that not running as root doesn’t restrict access to the important stuff at all; any process running as you has exactly the same read and write access to your home directory that you do.

Need proof that your data is no safer under your own user? Think about running “rm -rf /” as root or as your own user. What happens to your data either way? It’s gone. Don’t run this, just think about it.

So what do you gain by not running as root? Your system is a lot less likely to be the victim of an ongoing compromise. As root, an attacker can modify your operating system to their liking. Think that’s not much? Guess what: your ssh client now sends the username, host, and password for any system you connect to to a server in China. Or maybe new files you create are uploaded to an anonymous file-sharing site on the internet. Perhaps every key you touch is recorded to grab usernames, passwords, credit card numbers, and your most personal conversations. Or maybe an attacker uses your computer as a middle man for downloading child pornography. That will be fun to explain to the FBI. (An attacker who only has your user account can still do much of this from inside your home directory, say by putting a trojaned ssh wrapper ahead of the real one in your PATH or hooking your shell startup files, but that tampering is confined to your account and can be cleaned up without reinstalling the OS.)

So, obviously some things need to run as root: system configuration tools, for example. However, running these using sudo limits your exposure to just these utilities, rather than the thousands (millions?) of lines of code in a full desktop environment.
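To make the “who can write what” argument concrete, here is an added example (it is not code from the original post) that applies the classic Unix discretionary access control rule to a constructed table of files on a single-user desktop: the user’s own data, a couple of OS binaries, and /etc/shadow. The file list, the uid 1000 for the desktop user, and the gid 42 for the shadow group are assumptions made for the illustration; nothing is read from a real filesystem, and ACLs and AppArmor are ignored on purpose.

```python
import stat

# Constructed sample of a single-user desktop: (path, mode, owner uid, group gid).
# uid 1000 is the desktop user, uid 0 is root, gid 42 is the "shadow" group.
# Illustrative only; nothing here is read from a real filesystem.
SAMPLE_FS = [
    ("/home/me/Photos/family.jpg", 0o644, 1000, 1000),
    ("/home/me/Documents/taxes.ods", 0o644, 1000, 1000),
    ("/home/me/.ssh/id_rsa", 0o600, 1000, 1000),
    ("/home/me/.bashrc", 0o644, 1000, 1000),
    ("/usr/bin/ssh", 0o755, 0, 0),
    ("/lib/x86_64-linux-gnu/libc.so.6", 0o755, 0, 0),
    ("/etc/shadow", 0o640, 0, 42),
]


def can_write(mode, file_uid, file_gid, uid, gids):
    """Unix DAC write check. Root (uid 0) bypasses the mode bits entirely
    (CAP_DAC_OVERRIDE); everyone else is tested as owner, then as a member
    of the file's group, then as "other". ACLs/MAC deliberately ignored."""
    if uid == 0:
        return True
    if uid == file_uid:
        return bool(mode & stat.S_IWUSR)
    if file_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def exposure(fs, uid, gids):
    """What code running as `uid` could tamper with, split into the user's own
    data (the "important stuff") and the operating system install."""
    writable = [p for p, mode, fuid, fgid in fs
                if can_write(mode, fuid, fgid, uid, gids)]
    return {
        "important_stuff": [p for p in writable if p.startswith("/home/")],
        "os_install": [p for p in writable if not p.startswith("/home/")],
    }


if __name__ == "__main__":
    for who, uid, gids in (("desktop user", 1000, {1000}), ("root", 0, {0})):
        report = exposure(SAMPLE_FS, uid, gids)
        print(f"{who}: {len(report['important_stuff'])} of your files and "
              f"{len(report['os_install'])} OS files writable")
```

Running it shows the point of the post: the desktop user and root can both rewrite every file under /home, and only root can additionally rewrite the ssh binary, libc, and /etc/shadow. On a live system the same question is answered per file by os.access(path, os.W_OK), which asks the kernel rather than re-implementing the rule.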

In short, if you want to run as root on your desktop, go for it. But know the risks, and know the consequences. On the other hand, don’t chant “don’t login as root” as if it’s a magic bullet for security.

2010
07.07

There are two significant but under-utilized security features in Ubuntu Server (and desktop, though they are less often used there). The first is the AppArmor framework. For example, on my LAMP server, only dhclient3, mysqld, and tcpdump have AppArmor profiles. OpenSSH and Apache are obvious candidates for AppArmor, as they are commonly exposed to public networks, and a compromise of either could have a significant impact on a server. Edit: I missed some profiles here, but there is still no comprehensive profile for Apache or OpenSSH. Installing apparmor-profiles does improve things somewhat, but there is still much to be done.

The second tool is UFW (the Uncomplicated Firewall), for which my server has application profiles for apache, dovecot, openssh, and postfix. While not everyone uses UFW, it’s extremely straightforward to produce UFW profiles, so there’s hardly any excuse for apps not including one.
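A UFW application profile is a short INI-style file that a package drops into /etc/ufw/applications.d/, with one [Name] section holding a title, a description and a ports line (comma-separated ports, optional :range, an optional /tcp or /udp, and several such specs joined with “|”). As an added example, not part of the original post or of the ufw project, the following Python renders such a profile and parses one back, validating the ports line so a profile can be linted before it is shipped. The profile names and descriptions below are made up for the illustration.

```python
import re
from configparser import ConfigParser

# One ufw port spec: "22/tcp", "80,443/tcp", "6000:6007/tcp", or "137,138" (no
# protocol means both). Several specs are joined with "|". Assumed from the
# documented profile syntax; this code is not part of ufw itself.
PORT_SPEC = re.compile(
    r"^\d{1,5}(?::\d{1,5})?(?:,\d{1,5}(?::\d{1,5})?)*(?:/(?:tcp|udp))?$"
)


def valid_ports(ports):
    """True if every '|'-separated spec parses and every port is 1..65535."""
    for spec in ports.split("|"):
        if not PORT_SPEC.match(spec):
            return False
        numbers = re.findall(r"\d+", spec.split("/")[0])
        if any(not 1 <= int(n) <= 65535 for n in numbers):
            return False
    return True


def render_profile(name, title, description, ports):
    """Return the text of one profile section, refusing a bad ports line."""
    if not valid_ports(ports):
        raise ValueError(f"bad ufw ports line: {ports!r}")
    return f"[{name}]\ntitle={title}\ndescription={description}\nports={ports}\n"


def parse_profiles(text):
    """Parse a profile file into {name: {title, description, ports}},
    re-validating each ports line (ufw reads these files with the same
    INI conventions, so ConfigParser is a faithful enough lint)."""
    cp = ConfigParser(interpolation=None)
    cp.read_string(text)
    profiles = {}
    for name in cp.sections():
        ports = cp.get(name, "ports")
        if not valid_ports(ports):
            raise ValueError(f"[{name}] has a bad ports line: {ports!r}")
        profiles[name] = {
            "title": cp.get(name, "title"),
            "description": cp.get(name, "description"),
            "ports": ports,
        }
    return profiles


if __name__ == "__main__":
    # Constructed profiles for two hypothetical packages.
    text = render_profile("OpenSSH", "Secure shell server",
                          "OpenSSH is a free implementation of the SSH protocol.",
                          "22/tcp")
    text += render_profile("Samba", "LanManager-like file and printer server",
                           "Samba file and print services.",
                           "137,138/udp|139,445/tcp")
    print(text)
    print(parse_profiles(text))
```

Once a file like this is installed under /etc/ufw/applications.d/, it shows up in `ufw app list` and can be used by name, e.g. `ufw allow OpenSSH`, which is what makes shipping one with the package worthwhile.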

I’m not completely certain how the UFW rulesets are included in a package. Once I’ve dissected this, I’ll be producing UFW rulesets and filing bugs against packages to include them. I don’t feel that I have enough AppArmor expertise to produce profiles that are of quality to be redistributed, so I can only encourage package maintainers to examine the benefits of AppArmor for their package.

2010
07.04

Canonical Store Issues

I hate to use this as a venue to address issues I’m having with the Canonical Store, but I’m somewhat disappointed in it.  On the 21st of June, I ordered the “Ubuntu Certified Professional – Exam Bundle.” As of today, I still have not been able to get the codes to register for my exams with Pearson VUE. Last week, I contacted Merchandise Mania (the operators of the Canonical Store) and they said they would pass my concerns on to Canonical and someone would contact me “if they can help.” I still haven’t heard anything. So if anyone involved with this at Canonical reads this, I’d greatly appreciate an update.

Update: I was contacted this morning by a very nice Canonical employee who has gotten me sorted out. It’s this kind of customer service that I appreciate in a company. Thanks, Canonical!

2010
06.27

Several organizations, including parts of the US government, have successfully screwed things up, or promised to screw things up, this week:

  • The USPTO granted a patent to Amazon.com for charging for computing resources on an as-used basis.  This is similar to the chargebacks of mainframe computers beginning in the 1960s.  Apparently patent examiners are not familiar with the term “prior art” or “obviousness.”
  • White House cyber-security coordinator Howard Schmidt is considering rules that would put computers with viruses into a “walled garden.”  There is, of course, no discussion of how this will work: agents on your computer? IDS?  Either way, false positives, SSL-encrypted traffic that an IDS cannot inspect, and public wifi hotspots (where one address is shared by everyone behind the NAT) are sure to make this a headache for legitimate users.
  • ASCAP has shown themselves to be ass-hats.  Not only do they want to charge royalties that are crippling to non-profit organizations, but now they want to prohibit artists from using their choice of license for the media they produce.  They won’t be happy until they have control over the entire music market.  Apparently choice and freedom aren’t options for musical artists.

2010
06.24

KSplice has posted an interesting article regarding the consequences of a single erroneously flipped bit in RAM. From the article:

It’s a well-documented fact that RAM in modern computers is susceptible to occasional random bit flips due to various sources of noise, most commonly high-energy cosmic rays. By some estimates, you can even expect error rates as high as one error per 4GB of RAM per day! Many servers these days have ECC RAM, which uses extra bits to store error-correcting codes that let them correct most bit errors, but ECC RAM is still fairly rare in desktops, and unheard-of in laptops.

Makes me want to build my next desktop with ECC RAM.  Of course, that requires a motherboard (and a CPU memory controller) that supports it, among other things.  When you’re using encryption, what a bit error costs depends on where it lands and how the data is protected: a flip in the key, or in a ciphertext covered by an authentication tag, can make an entire file undecryptable, while a flip in ciphertext under an unauthenticated stream or CTR mode silently corrupts just the corresponding plaintext bit (and under CBC garbles one block plus one bit of the next).  I wonder what steps could be taken to mitigate those sorts of issues.
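As an added example, not from the KSplice article or this post, the following standard-library-only Python simulates a single bit flip against three ways of storing an encrypted file: plain stream encryption (the flip silently corrupts one plaintext bit), encrypt-then-MAC over the whole file (the flip rejects the entire file), and the mitigation of sealing fixed-size chunks independently (the flip costs only one chunk). A SHA-256 counter-mode keystream stands in for a real cipher such as AES-CTR so the example runs offline; the key, nonce and “file” contents are constructed for the demo.

```python
import hashlib
import hmac

# Constructed demo material; a real deployment would use a random key and nonce.
KEY = hashlib.sha256(b"demo key, not a real secret").digest()
NONCE = b"\x00" * 12
PLAINTEXT = b"family photos, tax returns, saved passwords ... " * 6
TAG_LEN = 32  # HMAC-SHA256 output length


def keystream(key, nonce, length):
    """SHA-256 in counter mode as a stand-in for AES-CTR (assumption for the demo)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(out[:length])


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def stream_encrypt(key, nonce, data):
    """Unauthenticated stream encryption; decryption is the same operation."""
    return xor_bytes(data, keystream(key, nonce, len(data)))


def flip_bit(data, bit):
    """Simulate one RAM/disk bit error at absolute bit position `bit`."""
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)


def bit_diff(a, b):
    """Number of differing bits between two equal-length byte strings."""
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))


def seal(key, nonce, data):
    """Encrypt-then-MAC over everything: any flipped bit rejects the whole blob."""
    ct = stream_encrypt(key, nonce, data)
    return ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key, nonce, blob):
    """Return the plaintext, or None if the tag does not verify."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return stream_encrypt(key, nonce, ct)


def seal_chunked(key, nonce, data, chunk=64):
    """Mitigation: seal fixed-size chunks independently, mixing the chunk index
    into the nonce (and so into the keystream and the MAC) so a bit error costs
    one chunk and chunks cannot be silently reordered."""
    return [seal(key, nonce + i.to_bytes(4, "big"), data[off:off + chunk])
            for i, off in enumerate(range(0, len(data), chunk))]


def open_chunked(key, nonce, blobs):
    """One entry per chunk: its plaintext, or None for a corrupted chunk."""
    return [open_sealed(key, nonce + i.to_bytes(4, "big"), blob)
            for i, blob in enumerate(blobs)]


if __name__ == "__main__":
    ct = stream_encrypt(KEY, NONCE, PLAINTEXT)
    print("stream, 1 ciphertext bit flipped: plaintext bits wrong =",
          bit_diff(stream_encrypt(KEY, NONCE, flip_bit(ct, 123)), PLAINTEXT))
    print("stream, 1 key bit flipped: plaintext bits wrong =",
          bit_diff(stream_encrypt(flip_bit(KEY, 5), NONCE, ct), PLAINTEXT),
          "of", len(PLAINTEXT) * 8)
    print("whole-file MAC, 1 bit flipped: recovered =",
          open_sealed(KEY, NONCE, flip_bit(seal(KEY, NONCE, PLAINTEXT), 123)))
    chunks = seal_chunked(KEY, NONCE, PLAINTEXT)
    chunks[2] = flip_bit(chunks[2], 7)
    print("chunked, 1 bit flipped: chunks lost =",
          sum(c is None for c in open_chunked(KEY, NONCE, chunks)), "of", len(chunks))
```

The two failure modes the post worries about are both visible here: with no authentication the error goes unnoticed (one wrong bit in a photo is harmless, one wrong bit in a key file is not), and with whole-file authentication one error destroys access to everything. Chunked sealing trades a little space for tags against losing only the damaged chunk, which is the same reason disk encryption and formats like age or Tink work in fixed-size authenticated segments.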

2010
06.24

Twitter has been, among other things, “barred for 20 years from misleading consumers about the extent to which it maintains and protects the security, privacy, and confidentiality of nonpublic consumer information…”  I believe that Twitter should not be misleading consumers about any aspect of their security, but a specific bar of this nature, with a specific duration, almost reads as implicit permission for other companies to mislead consumers (as they have not been so barred) and as though, after 20 years, Twitter can mislead consumers all they want.  Seems like a bit of common sense that the FTC has felt the need to spell out…

2010
06.23

AOL has apparently served the VideoLAN developers with an injunction preventing any ShoutCAST functionality from being included in VLC, or any other application that uses Open Source components or software.  I appreciate this greatly, as the next time I’m tasked with exploring streaming media solutions at work, I’ll have one less contender that I will consider.  To be specific, as far as I’m concerned, ShoutCAST is not a viable solution for any form of streaming media, and must be avoided like the proprietary plague it is.

2010
06.19

Needing more focus…

I’ve come to the conclusion that I need to become more focused in some areas of my life.  I want to be able to contribute to open-source projects, including Ubuntu, but I realized that I don’t know enough about any single project to really dive in and work on the code.  I need to find a single project to contribute (codewise) to.

I sometimes feel that there’s this technological void in my life, with a desire to work on a project of some sort.  The big problem is that I have diverse interests: user experience, information security, embedded systems/robotics, etc.  I know it’s a ridiculous statement to make, but even at 25, I feel like I’m behind where I’d like to be in my life.

How do you all find your niche, and satisfy that urge?  Anyone got a favorite project that needs some love?

2010
06.15

Most CS professors would probably take a look at the title of this post and assume it’s a senseless rant or otherwise misdirected, but it turns out it’s true: binary heaps are slow on real computers (ones with caches and virtual memory, not the flat-memory machines assumed in CS classrooms).  Poul-Henning Kamp, author of the Varnish HTTP Accelerator, discovered and wrote about this for the ACM: a binary heap’s layout ignores page boundaries, so on a heap larger than RAM nearly every level of a traversal can touch a different page, and arranging the tree so that subtrees stay within a page (his “B-heap”) cuts the page faults dramatically.

2010
06.14

If you’ve been trying to use the Android SDK on Ubuntu 10.04, you might be getting an error like:

No command line parameters provided, launching UI.
See 'android --help' for operations from the command line.
Exception in thread "main" java.lang.UnsatisfiedLinkError: no swt-gtk-3550 or swt-gtk in swt.library.path, java.library.path or the jar file
at org.eclipse.swt.internal.Library.loadLibrary(Unknown Source)
at org.eclipse.swt.internal.Library.loadLibrary(Unknown Source)
at org.eclipse.swt.internal.C.<clinit>(Unknown Source)
at org.eclipse.swt.internal.Converter.wcsToMbcs(Unknown Source)
at org.eclipse.swt.internal.Converter.wcsToMbcs(Unknown Source)
at org.eclipse.swt.widgets.Display.<clinit>(Unknown Source)
at com.android.sdkmanager.Main.showMainWindow(Main.java:265)
at com.android.sdkmanager.Main.doAction(Main.java:249)
at com.android.sdkmanager.Main.run(Main.java:94)
at com.android.sdkmanager.Main.main(Main.java:83)

If you’re getting this, the SDK manager cannot find the SWT GTK library. Try installing the libswt-gtk-3.5-java package and then launching the SDK manager with ANDROID_SWT pointed at the directory holding the SWT jar: ANDROID_SWT=/usr/lib/java ./android

Hope this helps somebody.