Let EasyUbuntu run as user

Bug #49246 reported by Kyle Brooks on 2006-06-10
2
Affects Status Importance Assigned to Milestone
EasyUbuntu
Medium
HECTOR DAVID

Bug Description

We should let EasyUbuntu run as user, and disable the OK button until the user gives permission to install software using EasyUbuntu. This is good for the following reasons:
  * (this is a entirely unlikely case, although it can happen!) If someone gives a user a link to his own modifided version of EasyUbuntu which contains "malicious code", the code cannot damage the entire system, only the user's home directory and all files/directories which the user owns.
  * we can explain to the user why they need to give permission to install software
  * not very user friendly to see a dialog pop up at them on every start up of EasyUbuntu

KarlGoetz (kgoetz) wrote :

Agree to a greater or lesser extent with each point.

Changed in easyubuntu:
importance: Untriaged → Medium
status: Unconfirmed → Confirmed
Kyle Brooks (kyle-brooks) wrote :

After discussion with KK, I've decided to let the user click OK, and get a configuration/permission dialog. Easer this way...

This patch lets EasyUbuntu run as a user.

Kyle Brooks (kyle-brooks) wrote :

Fixed in revision 221

Changed in easyubuntu:
status: Confirmed → Fix Committed
John Moser (nigelenki) wrote :

* (this is a entirely unlikely case, although it can happen!) If someone gives a user a link to his own modifided version of EasyUbuntu which contains "malicious code", the code cannot damage the entire system, only the user's home directory and all files/directories which the user owns.

Nah, I'll just keep going right up to "click ok," and then once the user enters his password I'll execute the malicious code. You lose.

Face it, any account that you sudo or su from ever is a root account with training wheels. If a malicious script lives in that account, it has root access (or at least you can code said script to pick up root access opportunisticly).

* we can explain to the user why they need to give permission to install software

The user doesn't care.

* not very user friendly to see a dialog pop up at them on every start up of EasyUbuntu

This is the only real argument.

Kyle Brooks (kyle-brooks) wrote :

given to robotgeek for qt

Changed in easyubuntu:
assignee: nobody → venkatvc
status: Fix Committed → In Progress
Kyle Brooks (kyle-brooks) wrote :

handing over to 3.2

Does this not conflict with the way we handle the System Sanity Check? It appears to me that we ask the user for password early on anyways, so i dont see the point in implementing this. What am I missing? :)

Also our deb completely overrides this. (removes the code for checking if it root is running).

Changed in easyubuntu:
status: In Progress → Needs Info
Cafuego (cafuego) wrote :

Only in 3.0.

The 3.1 deb runs as user and prompts for passwords as needed.

HECTOR DAVID (hektve) wrote :

/***

Changed in easyubuntu:
assignee: Venkat Raghavan (venkatraghavan) → HECTOR DAVID (hektve)
status: Incomplete → New
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Patches