Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Operating Systems Software Security Linux

New Linux Distros Insecure by Default? 122

An anonymous reader submits Two articles on Codefez and NewsForge review releases of Linspire 5.0 and Linare. Both these distributions let the user run as Root by default after installation, and don't prompt to set up a user ID. Is this a start of a new trend of 'dumbed down' Linux distributions that will damage the Linux reputation for security?"
This discussion has been archived. No new comments can be posted.

New Linux Distros Insecure by Default?

Comments Filter:
  • Morons (Score:5, Insightful)

    by Usquebaugh ( 230216 ) on Tuesday April 12, 2005 @06:25PM (#12218227)
    I mean they have the chance to sell a reasonably secure OS and insted they do this. Hanging's to good for em.
  • Mod summary: wrong (Score:3, Informative)

    by oldosadmin ( 759103 ) on Tuesday April 12, 2005 @06:36PM (#12218335) Homepage
    Linspire *does* have a "setup your computer" window come up. One of the buttons on it is to create a user account.

    Not perfect, but not as egregious as it was in Linspire 4.5 either.
  • linspire (Score:4, Insightful)

    by Pinefresh ( 866806 ) <william,simpson&gmail,com> on Tuesday April 12, 2005 @06:38PM (#12218358)
    Linspire has been doing this for awhile. They're trying to make newbies as comfortable as they can, but unfortunately they're doing it by emulating even the worst ideas of that other OS.
  • Somewhat old news (Score:3, Informative)

    by stoborrobots ( 577882 ) on Tuesday April 12, 2005 @06:40PM (#12218380)
    Linspire (formerly Lindows) made that decision a long time ago, and it has been brought up on Slashdot many-a-time...

    A quick search reveals this article from 2003 [slashdot.org] in which the founder of Lindows states his case for the matter...

    And this review from 2002 [extremetech.com] (linked to by /. [slashdot.org]) also noted this problem...
  • No (Score:5, Interesting)

    by Bastian ( 66383 ) on Tuesday April 12, 2005 @06:43PM (#12218412)
    Every linux distro I have used since Yggdrasil has done this. Red Hat 5, Slackware ninetywhatever, Mandrake, Gentoo, Debian, Caldera OpenLinux, SuSE. . .

    I've settled down in my Distro-hopping, so the examples I used in most cases were over four years old (Yggdrasil most certainly was. :-), but in my experience it's standard practise to start the user off with a root account and make the normal user account optional, possibly with a little admonishment saying that you really shouldn't use root if you can avoid it.

    None of them have ever spent much time explaining how sudo works and why you should use it.
    • Re:No (Score:3, Informative)

      Mandrake sets up the root account, but the default MdkKDM gui login doesnt allow root login, only the other accounts you set up at install.
    • Can someone point me to a good description of how to set up sudo and the advantages to doing so? I may be misunderstanding it, but it seems to me that sudo is not so great from a security standpoint because it allows root access with the user's password. How is this so different from just giving every user root access?

      Say I don't use sudo and I set up ssh to disallow root logins. That means that if someone hypothetically cracks my user password, they then have to crack the root password independently. T

      • sudo commands are logged. This means you have a log of what the users did as root. Once they su they are unlogged.
        • by ZosX ( 517789 )
          Also to add to your comment. When you use su, it is all too easy to forget that you are in a root shell and type a command by accident. rm -r is a dangerous thing when you don't realize what path you are on, etc. With sudo, you at least have to type sudo which at least forces you to realize what you are doing maybe bad. It is like having an override button. The system won't let you do something that may be dangerous, but you can always force it to do so if you choose. Also logging such actions are defin
          • Those are good points - thanks. I guess I can see the advantage if you were making a limited set of commands available to select users in a multiuser environment. But I still think that exposing all root commands on a single-user box like Apple and Ubuntu is a cracker's dream. Well, OK, that'd be win98, but still. Personally, I'd like to see the user have to enter the root password, or a third 'sudo' password to have access to 5 minutes of root access, but cie la vie.
            • If someone cracks your user password, you're probably as good as rooted anyway. Imagine the scenario:

              1) Someone manages to guess your password.
              2) That person makes a hidden directory.
              3) That person installs a keylogger in that hidden directory. The keylogger's executable name is "ls", and it starts the process of logging keys, then issues an actual ls command using the arguments specified.
              4) That person changes your path to point to the hidden directory first.

              The first time you run ls after he has done
              • This is why a secure attention sequence is a good idea. A magic keystroke that cannot be intercepted by user programs and which users get used to typing before entering their password. If sudo asked you: press Ctrl-Alt-Del to authenticate yourself, then a keylogger installed with a user account wouldn't be able to get the root password. This is one thing Windows gets right (from its VMS heritage).
        • Also, sudo only gives you root permissions for a short time. . . if an app needs root privileges, you have to specifically run that app as root, rather than having everything run this way.

          This is immensely important if you want to protect your computer from trojan horses, macro viruses, etc. - a great number of Windows viruses and such can't infect the computers of people who don't run as Administrator all the time.
        • by smash ( 1351 )
          Also (and most importantly), with sudo, you can allow ONLY SPECIFIC COMMANDS, for specific users (as listed in the sudoers file) to be run as root.

          Ie, if a user needs the ability to start/stop some daemon, you could allow the init file for that daemon in /etc/sudoers, but not give them sudo access to anything else.

          smash.

      • Re:No (Score:3, Informative)

        by drsmithy ( 35869 )
        Can someone point me to a good description of how to set up sudo and the advantages to doing so?

        There's enormous amounts of material on the 'net for setting up sudo (which, be warned, is a very non-trivial task if you want to do it properly), so I won't try and replicate any of that.

        The biggest advantages are:

        1. An audit trail (every sudo command is logged).

        2. The ability to restrict what a user can 'sudo' to individual commands (even individual parameters, I suspect, although I've never tried).

        I gu

    • The distros from the mid to late '90s seemed to have been more secure. But as of late, most distros have seemed to have made it too easy to run as root. The latest from Linspire allows the user set up a normal user account contrary to what has been published recently. The problem is, Linspire doesn't encourage, call out or insist that the installer create a normal user account. I know this is to make it "easier"...but why not train the newbies early before disaster strikes?
    • Re:No (Score:4, Informative)

      by aonaran ( 15651 ) on Tuesday April 12, 2005 @08:32PM (#12219339) Homepage
      That is what I liked most about Ubuntu.

      It ships with the root account DISABLED!
      It threw me off at first, but the documentation clearly explains how to use sudo and why they decided it is better to set up the first user as a sudoer rather than set up an active root account and a dumbed down user account for day to day stuff.

      • It ships with the root account DISABLED!

        Not that this really makes any difference, out in the real world...

    • by bcmm ( 768152 )
      No they don't. I've tried Mandrake, Gentoo and Debian, and MDK and Debian both prompt you to set up your account, while Gentoo (at least when I installed it) doesn't really have an installer but if you follow the instructions (and if you're not following the instructions you WILL already know...) it tells you to set one up, and how to set one up.
  • Yes! (Score:4, Insightful)

    by Stevyn ( 691306 ) on Tuesday April 12, 2005 @06:44PM (#12218422)
    One of the best things about linux is ordinary users don't have write access to the entire computer. This means that if one day linux malware does become a problem (as Microsoft predicts), then it will only affect individual accounts and not the entire computer.

    Aside from malware that probably doesn't exist yet, it's still a good idea to have a window pop up or a console to prompt you for a root password because it lets the user know the action they take may harm their computer. It also hinders mistakes like deleting necessary files from happening accidentally. Security should be the main concern of a computer connected to a network or in an area more than one person can use. This enforces that concept and can greatly protect a computer than if it was always running as root.
    • Re:Yes!... NO! (Score:3, Informative)

      by pr0c ( 604875 )
      Considering that a lot, if not most, computers are used by one user then the whole root access thing is moot.

      1.) All the important, not easily recoverable files are typically in /home/ which is obviously (intentionally) vulnerable 2.) Malware can still run automatically from things like ~/.bash_rc everytime the user logs in which is typically how a lot of malware works on windows too ...run_once/run/etc in registry.. autoexec.bat.. whatever. Going back to my first statement, if only one user uses a mach
      • Re:Yes!... NO! (Score:3, Informative)

        by minus9 ( 106327 )
        If malicious software is installed by a user, when you type ps ax or use top or whatever gui tool you use to find out why the hell your machine is so slow you will see it running. Then you say "Oh shit! Rebuild time!". If the software gets onto your machine via the root user it can replace all these tools, or even insert a kernel module to intercept syscalls. It could then slowly corrupt all your data over several months (slowly screwing up all your backups along the way), or sit there spewing out spam and
        • If malicious software is installed by a user, when you type ps ax or use top or whatever gui tool you use to find out why the hell your machine is so slow you will see it running.

          I doubt there's much overlap between users capable of doing this and users likely to have malware on their machines.

    • One of the best things about linux is ordinary users don't have write access to the entire computer. This means that if one day linux malware does become a problem (as Microsoft predicts), then it will only affect individual accounts and not the entire computer.

      This will be a hurdle for about as long as it takes malware writers to start modifying their software to not try and install system-wide. In other words, not long (once machines with non-admin users become widespread).

  • OK, so the user is root by default but presuably services are still running under service accounts? That, surely has got to be of benefit.
  • by kisielk ( 467327 ) on Tuesday April 12, 2005 @06:51PM (#12218488)
    I installed Ubuntu just the other week and was momentarily perplexed that I couldn't su to root. After some consultation on IRC, I learned that Ubuntu has no root account by default, and you can access things you'd normally do as root by sudo, and applications requiring root just ask for your password. As I understand it, this is similar to how it works in OSX. In my opinion, this is the right direction to go in for single-user machines such as home desktops. Of course, stupid users will still type their passwords in when malware prompts for them, but that's more of a user education issue than anything. I can't really think of any way off-hand to give home users the power they need to install apps while still preventing trickery like that..
    • yeah, but having to manage your files via the console can be annoying, since there's no root file manager
      • I agree, mc / midnight commander isn't enough.

        It's a design thing that requires a rare holistic view.

        The best candidate to watch is osX but I'm not familiar with that
      • How about "sudo nautilius" (or whatever the filemanager is in gnome)?

        And how much file management do you have to do as root that makes it that important?
      • I had a chance to use a Gnoppix Live CD last week (Gnoppix being based on ubuntu).. You can "sudo sh" and get a root prompt....
        • Well. It's time to tighten up our asterisks, isn't it.

          Quit with the Bevis laughter, already! I'm talking about "splat" in your /etc/sudoers.

        • Gnoppix is Ubunto niece not its child

          Debian (parent)
          Knoppix and Ubunto (both children of Debian)
          Gnoppix child of Knoppix

          • Thats how I remembered it from a number of years ago, but, from its homepage

            Gnoppix is a linux live cd based upon Ubuntu . It can be compared to Knoppix but Gnoppix uses GNOME as desktop environment.

            In fact, Im not so sure that it was ever based on Knoppix, just inspired by it. It may have gotten its live-cd-ness from Knoppix, but its Gnome packages drirect from Debian (and now Ubuntu). That sounds like a plausable history, but its just a guess. Either way, today it is based on Ubuntu.

            • You are right I looked it up. Gnopix used to be Knoppix with enough changed to include Gnome. Ubunto comes with a live cd. The Gnoppix team switched from Knoppix to Ubunto as their base. The Ubunto and Gnoppix team are talking about making Gnoppix the live version of Ubunto.

              Sort of an anti-fork.

      • sudo *inset filemanager*
        if you really must .. but its rare that you will need a root account for filemanagment .
        Though any filemanagement you need root to perform ,but find it tricky via shell ..would hint to me that you require a better knowlidge of the shell ,Though phrasing this to not sound insulting is hard I honestly do not mean to .
        Alot of people dont realise the full potential of the shell for file management.
    • by adric ( 91323 ) on Tuesday April 12, 2005 @08:11PM (#12219172)
      After some consultation on IRC, I learned that Ubuntu has no root account by default
      Not quite. Ubuntu doesn't set a root password by default, which leaves the account locked (to interactive logins), but it's still very much present. The traditional behaviour can be restored simply by running the passwd command via sudo.
    • and applications requiring root just ask for your password ...
      stupid users will still type their passwords in when malware prompts for them, but that's more of a user education issue than anything.

      Because telling them to have and use a separate root password, and why, isnt an user education issue?
      To me this clever trick is actually a nice way to lose an opportunity to do such an education.

      2 or 3 days ago, a newbye on a community forum for another user-friendly distro was complaining that he had to type
    • What Ubuntu got wrong is that they did not tell you about this before hand.

      Believe me it is a pain in the ass for a first time Linux user that does not know the meaning of sudo. Of course the installation instructions do tell you to use sudo to do various things ... but do not explain what sudo means or does.

      When my installation screwed up, I had to start editing various configuration files and had no idea how to save changes. It took me a couple of hours browsing trough their forums and wiki to figure ou
  • Security and useability are closely tied.

    If a lock is so hard to use it never gets used it's a bad lock.
  • by bug1 ( 96678 ) on Tuesday April 12, 2005 @07:46PM (#12218957)
    A clueless newbie should never consider there OS to be secure, they dont have the knowledge to make a judgement on it.

    Maybe a lot of the demographic this distro is targeting doesnt even know what root is.

    Plus, there is a saying (from the *BSD folk i think) "without physical security there is no security"

    Get a bit of perspective, you need knowldege to have security, its not just a configuration issue.
  • Is it just me.. (Score:2, Insightful)

    by rookworm ( 822550 )
    or is Linspire a really bad deal? I don't see any advantage over other desktop linux distos (Ubuntu, Fedora, etc.), or for that matter OSX or even Windows.

    If you want it free, go with Ubuntu, If you want it cheap, go with Windows, and download freeware apps. It seems like Linspire users are paying just to use a second- rate distro.

    Anyone care to enlighten me?

  • the other direction (Score:3, Informative)

    by fred fleenblat ( 463628 ) on Tuesday April 12, 2005 @08:08PM (#12219137) Homepage
    What I'd like to see is even more user granularity. One account for browsing the web, another for reading email, another for ftp'ing. Even if you download or click on some malware, not only is your OS protected, but now your user id's files are also safe.

    When it comes time to actually use the files you downloaded, there should be a malware-scanning chown that checks the file is safe before assigning it over to you, perhaps on top of a check that firefox's chroot jail is not disturbed.
    • Real normal people are not going to do this. Hell, I would never do this. You would spend half your time logging in and out of the machine and never actually get any work done. The computer is there to be a work aid for most folks, what you're suggesting is the worst workflow ever. P
      • In linux you can run a program as a different user without logging out. If it's a setuid program, you don't even have to type in a password. Depending on how the idea is implemented, real normal people might not even notice anything was different until they tried to download a dodgy zip file or something.
        • Don't make programs setuid! There are very few cases where setuid is required, and in almost all of those cases the programs themselves are design to drop priviledges ASAP.
    • by Aldric ( 642394 )
      I currently have Firefox, Thunderbird, Quanta Plus, Anjuta, and a terminal window open. These are the bare minimum for performing my job and I'm sure nearly every employed programmer is the same.
    • This is actually a very good idea, but very hard to implement with current commercial operating systems without driving the user crazy (log in, log out).

      The basic problem is that processes run with the full privilege of the logged in user. This violates the principle of least privilege. Why should your web browser be able to format your hard disk? Overwrite your tax documents? Why should your word processor be able to instantiate a network connection? It's not just access to files, it's access to serv
  • Linspire 5.0 installs as root just like any Linux OS but informs you to create users after setup.

    I wish that would quit popping up every time Linspire turns a corner.

    Ubuntu is a good example of the right way to do things I think. Root's there but you have to look up how to do it. However Linspire seems to have more things working for it. Unbuntu cant suspend on some machines, Linspire can, Unbuntu cant see my broadcom wireless card and getting my prism54 card going was tricky but in both cases Linspire
  • Damage Linux's reputation?

    Come on. Too many people care too much about rumors and "repuations" instead of getting the facts. People who seriously use and understand GNU / Linux know that scares like this are stupid, and that no operating system is secure by default: in order to secure your computer, you need to understand how it works yourself... you can't simply trust a company to secure it for you.

    If anything, this will damage Linspire's reputation, not GNU / Linux's reputation. People probabl

    • Not quite.

      It only takes one linux distribution to be unsafe for certain marketing whores to start up the FUD machine and start cashing in on that piece of information. It may be disonest but that's the way marketing works. While the people on the know will laugh at the idea, the ignorant masses will read that linux, as a whole, is very insecure and move away from it.
  • I was reading this post, and I got to thinking about a comparison that Linspire had put up on one of their sites (then called linuxshootout.com; now called tryoutlinux.com). It was pretty bogus then. Anyway, I tried to go there, and got forwarded to the URL listed above. It's interesting how they claim that they are the most popular version of Linux for desktop computers. Yes, you heard me right.....Head on over to tryoutlinux.com, and check out point number 5 under the 'Why Linux' section.
  • 1. Design linux distribution that mimics the look and feel of another profitable operating system as well as offering similarily poor security charachteristics.
    2. ?!?!?
    3. Profit.

    Only M$ knows the answer to part 2.
  • Linspire does not run as root. It does allow one to do so -- but so does Fedora, SuSE, and Mandrake. The problem is not with this but having 30 daemons running by default when possibly 7 are needed.
  • Linspire et al. will not be able to succeed without the goodwill of the community. Why? Because you cannot make something truly useful out of the thousands of free software packages out there without utilizing the power of volunteers. You will end up being a "proprietary vendor", one which has to rely on its own resources because volunteers are not comfortable working for you. You will be outsmarted by distributions which have thousands of people from around the globe working on them.

    But it's not just the

  • Well... hell he was a director of the company, so therefore he was entitled get to log in a root on "the company" unix box.... it only seems logical that he should log in a root all the time.

    But that was just the start...
    Next thing were the permissions on the files/directories that he created. They were just wrong. We couldn't read some files he created that needed to be shared, we couldn't fix the permissions, we couldn't rename or move directories created by him. We couldn't even tell which w
  • I think people have not spent considerable amount of time and effort into explaining and educating users about how to use sudo for their necessities and not just su or even worse - login as root, totally discarding the normal user account, to solve their problems. I spent the first 4 months of my linux life (after I switched from Windows one fine day) without realising that there was something called sudo and running as root all the time inorder to avoid all problems. This I think is partly due to the fact
  • ...that unless and until the difference between root and other levels of access are clearly explained as well as sudo, this will keep on being old news.

    Look at the false security of WinXP Home. "Oh, I'm not worried, I can't log in as Administrator unless I go to Safe Mode." So what? The average user's account is Administrator group by default and it's always root access. No end to the misery you can get into. Trojans can get total system access without their coders trying very hard at it. There's a reaso
  • Not quite. (Score:2, Interesting)

    by Omni Magnus ( 645067 )
    Even the most insecure Linux distro is more secure than Windows can be.

We are Microsoft. Unix is irrelevant. Openness is futile. Prepare to be assimilated.

Working...