Is Ubuntu another rootkit?

Asked by aaparker@gmail.com

I am sorry to ask this question, but after using Ubuntu for a long time, and experiencing the Ubuntu distribution, I felt a strong belief that Ubuntu is used for rootkit-like activity.

1) Ubuntu is not distributed preinstalled with a firewall.
2) Security measures are so weakly configured in user access control. For example, there are so many authentication schemes that come with different packages, and when you uninstall one of them and want to continue in the traditional way, like uninstalling sudo and trying to use su, many necessary packages are also removed because of dependencies, and it turns the distribution into something that does not function much as you intend.
3) You don't need to know a root password; you are always root, with the preconfigured way of sudo, which only asks for my own password, which is always less hard to guess than a root password. This is something open to debate, but it is, from my point of view, definitely a way to make users feel they are running in a secure environment, although they are not!
4) There are many authentication schemes like sudo, kdesudo, gksudo, policykit, etc., which in general act inconsistently with each other. I configure sudo to ask for the root password, but another one installs packages with synaptic with still my user password!
5) Please have a look at this link: http://music-electronics-forum.com/t19633/ There are strange installation issues in the new release. The latest 10.04 took a very long time to install, and made suspicious activity on my hard disk and network.

So I want to ask a very serious question: is there an internal audit mechanism that would prevent people from integrating rootkit-like activity into the Ubuntu distribution? How do you determine the developers and be sure they don't act for their own special secret purposes?

Configuring a secure operating system insecurely does not make someone guilty, right? It is always easy to deny Ubuntu was not intended to act as a vulnerable operating system for intruders when you choose insecure settings that are reconfigurable to be made secure.

This question is not for blaming everyone in the community; however, I have questions about Ubuntu. Also, I didn't mention the political decisions that are related to the selection of keyboard layouts and country-specific options...

Well, what is UK-based Canonical serving for?!? It is not clear to me (or maybe it is much clearer from now on)...

Question information

Language: English
Status: Answered
For: Ubuntu
Assignee: No assignee

actionparsnip (andrew-woodhead666) said :
#1

Point 1 is incorrect, Ubuntu ships preinstalled with iptables and is set to run at boot.

Point 3 is also false, you are not root, root is root and user is user, the user is just a member of a special group named 'admin' which can grant the user elevated privileges. Unless an app is launched with gk/sudo then the app is run as user, which makes it more secure. Running web browsers and IRC clients etc. as root is particularly foolish. The root password doesn't exist so is impossible to guess. As ALL Linux systems have a root account, this is the first account an attacker will try in order to get a connection. This will mean the attacker must not only guess the password but also a valid username. Again, security.

Point 4 is a little mixed up, you will never be asked for the root password as it doesn't exist (see above). To get elevated access we use gksudo / sudo etc. There is very little inconsistency between them as far as the user is aware, gksudo / kdesu is used to run X based apps and sudo is for console based apps.

It is possible to get a rootkit, just like any OS can get viruses etc. The onus is on the user to use best practice. With great power comes great responsibility and things can be tightened down (again like any OS) but the standard install isn't too insecure at all.

aaparker@gmail.com (aaparker) said :
#2

Point 1: Yes, it has a firewall like all Linux kernels have, but it is configured to allow everything by default! Please have a look at the discussion confirming the situation, http://ubuntuforums.org/showthread.php?t=43273
Yes, technically, there is a firewall, but no, it is configured to allow everything!

Point 3: It is not difficult for an attacker to guess the user name, since it registers my computer's hostname as "username-laptop" by default at my current installation!

Point 4: When you change the sudo configuration to add additional security to your system to ask for the root password instead of the user password, and define a root password, this is the situation you may encounter.

OK, here is the recipe:
Add rootpw to your sudoers file for default action,
Run "users and groups" under administration, system and mark yourself as system administrator with your own password (I don't know if this step is necessary)
Please run the KDE based "system settings"
Now, please hit add or remove software under the computer administration tab.
And, bingo! Please install anything you like with your own user password, which conflicts with sudo defaults rootpw!

Total authentication bypassed with spaghetti-like authentication!

I just remember *an old version* of the ReactOS "about" page which states some stupid security decisions made default on the Windows NT family were the reason for its insecure reputation. Here is what states the same under the secure tab, with meanings somewhat softened...

http://www.reactos.org/en/about.html

"Secure

Despite statements to the contrary, NT is secure by design. It was the first mainstream operating system with a proper implementation of a very flexible security model based on access control lists.

Recent NT-based operating systems from Redmond, especially XP, got a bad reputation for their weak default security settings; mainly to simplify the transition from Win9x for both users and legacy applications. This decision alone invalidated many of the security features in NT. ReactOS will incorporate proper default security settings. "

Of course, with great power comes great responsibility, but does everyone know what powers they have? Especially when you target being the most widely used operating system distribution based on Linux (in some way)?

As far as I understand, Ubuntu is trying to be the next XP, not the most widely used Linux based operating system...

actionparsnip (andrew-woodhead666) said :
#3

So where is the question here?

I have never had to nor will I need to edit the sudoers file, doing so makes commands not need a password entry and weakens security.

ReactOS is also not Ubuntu so is moot.

Point 3 is kinda valid and the default host name does give away the username. Personally I disagree with this idea.

aaparker@gmail.com (aaparker) said :
#4

No, no, no...
If you set a password with the "sudo passwd root" command, you assign a password to root, and then you only edit the defaults section of the sudoers file, which is clearly explained in the manuals, to ask for the authentication password type; it only replaces the behavior of asking for your own password with asking for root's password. This does not weaken security in any way! (I can read, you said, "things can be tightened down (again like any OS) but the standard install isn't too insecure at all.")

This is the question: "So I want to ask a very serious question: is there an internal audit mechanism that would prevent people from integrating rootkit-like activity into the Ubuntu distribution? How do you determine the developers and be sure they don't act for their own special secret purposes?", and that also means (as a question), how will I trust Ubuntu?

Can't you see *any* question, with all the cited reasons above?

Sam_ (and-sam) said :
#5

Constructive, rational suggestions, contributions are welcome. Otherwise we miss the sense of OpenSource.
http://brainstorm.ubuntu.com/
http://www.ubuntu.com/support/community/mailinglists
http://www.ubuntu.com/news/mediacontact

As always bottom lines are usability, security, freedom incl. self/responsibility which concludes in making decisions and whom I want to trust.
If I don't trust Canonical, why should I install or try Ubuntu software?
Why should I trust signed packages?
Why should I trust signatures?
Why should I trust developers?
Why should I trust anybody at all?
Can I trust myself?
http://www.helladelicious.com/diy/2010/03/how-does-ubuntu-add-freedom-community-and-humanity/

btw. is there a club?
https://answers.launchpad.net/ubuntu/+question/111180

actionparsnip (andrew-woodhead666) said :
#6

The bottom line is "you don't"

The EULA clearly states that the OS comes with no SLA or warranty or guarantee of your data, this is the same with all Linux distros. It's the old mantra (which vaguely applies here) "If it breaks, you get both halves", this is the same with the packages and apps you install. A good example here is Google Chrome which (not so) secretly sends usage stats back home.

This can be said about any OS to be honest, how do you know Microsoft OSes are not conducting similar "secret purposes"?

You just need to chillax a bit and life is a whole tonne easier my friend.

HTH

aaparker@gmail.com (aaparker) said :
#7

Trust me, I am trying to be positive. Please have a look at what I said: "This question is not for blaming everyone in the community,...". I want to ask you, if you feel something wrong is going on in the project, wouldn't you warn others?
If there is someone poisoning the project, wouldn't it be for the benefit of open source, or Ubuntu, or you, or me? I totally love using Ubuntu, but there are certain things about which I always have questions. There may be a trade-off between ease of use and security; however, what I asked about generally are not things that would much change the user experience.
Would assigning a different hostname that would not give everyone's user name to the net change the user experience in terms of ease of use or install?
Would a centralized authorization scheme that manages lots of differing authorization codes decrease the ease of use or increase it?
Do they really affect installation or ease of use in terms of user experience?
Or do you believe that if people feel more secure when using their computers, it would increase the number of users of Ubuntu?
We have a proverb in our country that states, "my best friend is the one who tells me the most bitter truths!"
Best Regards...

aaparker@gmail.com (aaparker) said :
#8

Yes, the EULA clearly states the no warranty option; however, I remember some licenses stating (not of course Ubuntu's), "Although the authors of the code do their best, there is no warranty of any kind.". So, you the people, don't have any responsibility? You are packing and preparing the most popular Linux distro. Won't great powers come with great responsibilities? Please take my question as a complaint about not seeing Ubuntu in third place after Microsoft and Google, especially as I am encouraging all my friends to install Ubuntu, not Windows...

Sam_ (and-sam) said :
#9

Nobody here feels blamed or negative. Such dropped interpretations lead to drifting away from the subject.
Same with polemic
> As far as I understand, Ubuntu is trying to be the next XP

and pathetic.
> my best friend is the one who tells me the most bitter truths!

-------snip

> is there an internal audit mechanism that would prevent people from integrating rootkit-like activity into the Ubuntu distribution?
> If there is someone poisoning the project

Ok, then back_to_the_roots. Usually it takes proof of concept and not speculations.

> centralized authorization scheme

Such as?

Rule of Diversity: Distrust all claims for "one true way".
https://secure.wikimedia.org/wikipedia/en/wiki/Unix_philosophy

aaparker@gmail.com (aaparker) said :
#10

Just to make my statements clearer:
"As far as I understand, Ubuntu is trying to be the next XP"
Please have a look at http://en.wikipedia.org/wiki/Windows_Firewall
You will see the evolution of the firewall on XP. If you won't compare yourself with other operating systems and learn from their successes and failures, you cannot build a successful operating system distribution.
Here is the link to the 1st reference, which states "Study: Unpatched PCs compromised in 20 minutes"
http://news.cnet.com/Study:-Unpatched-PCs-compromised-in-20-minutes/2100-7349_3-5313402.html

"my best friend is the one who tells me the most bitter truths!"
We complain about horrible pop-up security dialogs like "you are running out of power, attach your laptop to AC power"; you know at least it will last for ten minutes more, but it is there to warn you (and irritate you to make you remember!) :)

Anyway, these are off topic.

> is there an internal audit mechanism that would prevent people from integrating rootkit-like activity into the Ubuntu distribution?
> If there is someone poisoning the project

For example, do you count which packages were patched much more in terms of security leaks? Do you have a ranking like the one at this site (Top Contributors *** Points) for packages and developers?

For example, you can assign each computer a host name based on random number generation. This should be relatively straightforward.

Why not pack a simple GUI-based iptables configuration utility with the default installation? At least people would be aware of the current situation, that there is no finely configured firewall rule set, as opposed to allowing everything with iptables? I don't like Windows, but it also complains about the firewall if you don't enable it (properly).

I think, if we are living in an open source development world, and everybody is writing her/his own code which can/would/may not be compatible with others, the bare minimum place you would introduce security would be in the kernel (at least the kernel would be consistent in itself). As far as I understand, AppArmor does not function at kernel level and it is not in the kernel development tree. But SELinux is inside the kernel development tree (also there exists a SELinux folder in the filesystem on Ubuntu, right?), which is also used by and developed with the NSA. So why not pack SELinux with the default installation? (At least minimally) (if something goes wrong, by the layered design, it would not be Ubuntu's own problem; if SELinux is the cause, it will be quickly fixed because of the great number of users and bug reports which are pooled by both kernel users/developers and additional SELinux-using distributions (Ubuntu users + other distro users + kernel users > other distro users + kernel users))...

Although PolicyKit, sudo, kdesu etc. use different approaches, they share some basic principles. They ask for a user name and a password for authorization, right? SELinux can be configured to determine who will be the authorized account and whose password will be used, then enforce it on all authorization schemes.
At the beginning of the installation, you can ask for a root password and a standard user password. I think most of the users of Ubuntu are not beginners in computing, and at least they probably used Windows prior to learning Linux. On Windows, it asks for an administrator password if you would like to define one. Why not ask for it on Ubuntu (at least optionally)? This would not mean copying Windows, nor adding additional hardness for users. This is just a necessity to secure an operating system at the minimum. Also, there is a root folder in the filesystem, right? Would a user not question in the long term why it exists there? Nor, most of the Linux distributions ask for a root password. If someone is new to the unix/linux philosophy, she/he will learn it somehow in the long run. If the operating system security is based on rings, elevated privileges, etc., you cannot supply this security by asking only one password in the expected way.

For commenting, I would like to know more about what is Ubuntu doing while installing the new 10.04 (to be constructive of course :) )... Is there a link/text about what it does at those stages?
Best Regards...
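
The three defaults argued over in #2 and #10 (iptables chains left at policy ACCEPT with no rules, a hostname that contains the login name, and whether sudoers sets `rootpw`) can be checked mechanically. The script below is an added example and not part of any post in this thread; the function names, the sample data and the 1000-59999 UID range for human accounts are assumptions.

```shell
#!/bin/sh
# Added example: audit the three defaults debated in this thread.
# Each function reads text, so it works on live output or on saved copies.

# Print chains whose policy is ACCEPT and that have no rules appended,
# i.e. "configured to allow everything". stdin = output of `iptables -S`.
open_chains() {
    awk '$1 == "-P" && $3 == "ACCEPT" { pol[$2] = 1 }
         $1 == "-A" { rules[$2]++ }
         END { for (c in pol) if (!rules[c]) print c }' | sort | paste -sd' ' -
}

# Print login names of human accounts that appear inside the hostname.
# $1 = hostname, stdin = passwd-format text.
# Assumption: human accounts have UIDs in the range 1000-59999.
leaked_users() {
    awk -F: -v h="$1" '$3 >= 1000 && $3 < 60000 && index(h, $1) { print $1 }'
}

# Exit 0 if a sudoers Defaults line enables rootpw. stdin = sudoers text.
# rootpw is a sudoers option, so this says nothing about tools that do not
# read sudoers (the PolicyKit prompt described in #2, for instance).
sudo_rootpw_enabled() {
    awk '/^[ \t]*Defaults/ { $1 = ""; n = split($0, opt, /[ \t,]+/)
             for (i = 1; i <= n; i++) if (opt[i] == "rootpw") found = 1 }
         END { exit !found }'
}

# Constructed sample data (not taken from a real machine).
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A OUTPUT -o lo -j ACCEPT'
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh'
SAMPLE_SUDOERS='# constructed sudoers fragment
Defaults env_reset,rootpw
%admin ALL=(ALL) ALL'

echo "chains open by default: $(printf '%s\n' "$SAMPLE_RULES" | open_chains)"
echo "login names in hostname: $(printf '%s\n' "$SAMPLE_PASSWD" | leaked_users alice-laptop)"
printf '%s\n' "$SAMPLE_SUDOERS" | sudo_rootpw_enabled && echo "sudo asks for the root password"
```

On a live system, pipe `sudo iptables -S` into `open_chains`, `/etc/passwd` into `leaked_users "$(hostname)"`, and `sudo cat /etc/sudoers` into `sudo_rootpw_enabled`.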
