Page 1 of 3 123 LastLast
Results 1 to 10 of 24

Thread: Require password to install anything onto system?

  1. #1
    Join Date
    Nov 2010
    Beans
    183
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Require password to install anything onto system?

    Is there any way torequire a password for anything to be installed onto my computer? For example, lately, I clicked on an image in googleimages that ended up installing something onto my pc. If a password was required for any installation, this would not have happened.
    Switching from Windows to Ubuntu one small step at a time

  2. #2
    Join Date
    Sep 2010
    Beans
    898

    Re: Require password to install anything onto system?

    What exactly was "installed"?

    If you're using firefox for browsing, the Noscript add-on is highly recommended.

  3. #3
    Join Date
    Apr 2010
    Location
    Wales, UK
    Beans
    92
    Distro
    Ubuntu 11.04 Natty Narwhal

    Re: Require password to install anything onto system?

    If you have a typical 'buntu setup, then unless you came across a tailored exploit nothing will have been 'installed' any higher than /home/username/
    That's not to say you didn't actually came across an exploit.

    Apparmor is the de facto protection for 'buntu. I noticed in your previous post you're using SELINUX. If I remember rightly it only separates system and user processes, so anything your browser has full reign over your home folder.
    In case I don't see ya; good afternoon, good evening, and goodnight

  4. #4
    Join Date
    Dec 2007
    Location
    The last place I look
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Require password to install anything onto system?

    I have to agree with the others, apparmor is your best bet.

    the rest of your system (everything outside your home) should be safe by default, as only root is allowed write access, and would require sudo/gksu to install, and the installer would have to have the ability to set permissions to enable the execute bit.
    that means the only location the browser can write to is within your /home/user directory.

    apparmor restricts your browser to only have access to resources it requires to function, and thus limits any potential damage to those specific locations.

    in the long run, that is the best you can do. a browser by definition needs the ability to download files from the internet and write them to disk. in the case of executable content (flash/java) it must also be able to execute files it writes.
    Things are rarely just crazy enough to work, but they're frequently just crazy enough to fail hilariously.

  5. #5
    Join Date
    Nov 2010
    Beans
    183
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Require password to install anything onto system?

    Yes, I use the NoScript add on. I actually found through an RSS Feed I get from a security web site that there was a flash vulnerability just fixed the other day for cross site scripting. Guess what google is written in?

    Anyways, thanks for the advice. No script is pretty awesome. I use Ghostery as well. They are kinda similar.

    Also, I don't know what was installed. Another user in my house told me what happened. I did not even boot the pc up in Ubuntu to find out. I just stuck the install cd back in and wiped it.

    Quote Originally Posted by Dave_L View Post
    What exactly was "installed"?

    If you're using firefox for browsing, the Noscript add-on is highly recommended.
    Switching from Windows to Ubuntu one small step at a time

  6. #6
    Join Date
    Nov 2010
    Beans
    183
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Require password to install anything onto system?

    I am going to install app armor tonight I believe. I read some nice things on it. Thanks for the info. I thought that nothing would get installed any higher than that. But, you never know when the first big outbreak could occur.

    Quote Originally Posted by CandidMan View Post
    If you have a typical 'buntu setup, then unless you came across a tailored exploit nothing will have been 'installed' any higher than /home/username/
    That's not to say you didn't actually came across an exploit.

    Apparmor is the de facto protection for 'buntu. I noticed in your previous post you're using SELINUX. If I remember rightly it only separates system and user processes, so anything your browser has full reign over your home folder.
    Switching from Windows to Ubuntu one small step at a time

  7. #7
    Join Date
    Nov 2010
    Beans
    183
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Require password to install anything onto system?

    Sounds good. Thanks for the info.

    Like I posted above, I am going to set up app armor right now

    Quote Originally Posted by doas777 View Post
    I have to agree with the others, apparmor is your best bet.

    the rest of your system (everything outside your home) should be safe by default, as only root is allowed write access, and would require sudo/gksu to install, and the installer would have to have the ability to set permissions to enable the execute bit.
    that means the only location the browser can write to is within your /home/user directory.

    apparmor restricts your browser to only have access to resources it requires to function, and thus limits any potential damage to those specific locations.

    in the long run, that is the best you can do. a browser by definition needs the ability to download files from the internet and write them to disk. in the case of executable content (flash/java) it must also be able to execute files it writes.
    Switching from Windows to Ubuntu one small step at a time

  8. #8
    Join Date
    Nov 2010
    Beans
    183
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: Require password to install anything onto system?

    So, just to make sure I understand, there is no way to require a password to be set for any installation on the system, correct?

    I see passwords being required when I use sudo, when I go through the Ubuntu Software Center to install programs, and when I use Synaptic to install things. But, when I install items from the internet myself, I am not prompted for a password in all cases ( cannot remember specific ones at this moment, but can add later when I find an example ).

    I would think that requiring password confirmation on every single thing that gets installed onto a system would cut down on a lot of malware issues. Although, it may get annoying in instances like airport security, but maybe it could be configured as on or off.
    Switching from Windows to Ubuntu one small step at a time

  9. #9
    Join Date
    Dec 2007
    Location
    The last place I look
    Beans
    Hidden!
    Distro
    Ubuntu 10.04 Lucid Lynx

    Re: Require password to install anything onto system?

    keep in mind, there isn;t really such a thing as "installing" in the context of which you speak.
    yes, anything "installed" via dpkg (apt-get/synaptic/softwarecenter) requires a password, but you do not need to use dpkg to write an executable file to your cache, mark it to allow execution and running it. as such this is not an "installation". in fact, the only reason dpkg requires a password is because teh file permissions in the location it wishes to install the file require root to write. since /home/user/ is writable by your user, installing a package into it would not require a password.

    there is an old unix command "install". all it does is copy the executable to the folder specified, and sets the execute bit.

    so there really is no differance between writing a file to your disk (temp internet files, cookies, content pages, etc) and installing a program to run from /home/user/
    Last edited by doas777; June 7th, 2011 at 03:53 PM.
    Things are rarely just crazy enough to work, but they're frequently just crazy enough to fail hilariously.

  10. #10
    Join Date
    Oct 2009
    Beans
    Hidden!
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Require password to install anything onto system?

    Quote Originally Posted by toolmania1 View Post
    Yes, I use the NoScript add on. I actually found through an RSS Feed I get from a security web site that there was a flash vulnerability just fixed the other day for cross site scripting. Guess what google is written in?
    Google has been using HTML5 for a while now hasn't it?
    Come to #ubuntuforums! We have cookies! | Basic Ubuntu Security Guide

    Tomorrow's an illusion and yesterday's a dream, today is a solution...

Page 1 of 3 123 LastLast

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •