Comment 3 for bug 43328

Philip Van Hoof (pvanhoof) wrote : Re: The build-in terminal is not set read-only

Just as it's possible to run, as a user, an xterm and change to the root user using, for example, su or sudo, it's still not needed to run the entire thing as root. Even a very simple sudo-line or a +s binary could solve this in a few minutes.

The problem is not only that you can inject characters, which certainly is a problem by the way, but also that a tool that uses a huge amount of libraries that haven't ever been tested or reviewed for security is being used while being run as the root user.

It's very easy to run the terminal component as user, and run the software in it as root. I don't see any reason to run everything as root (except being lazy and trying to take the easy route, which is exactly how another popular operating system builder has got himself into trouble).

The right solution could be a library that implements asking these questions, and dlopen()-ing an implementation for X11 or one for the console, depending on the situation. And then simply reject packages that do broken things.

It's not the user of your software's fault that you picked Debian packages and that Debian packages can ask questions on the terminal. Therefore you shouldn't put this security burden on the users of your software (and still claim that Ubuntu is capable of serving users that require security, for example in the server room, which is what Ubuntu (the distribution) does, right?).

Putting the security burden on the GNOME, Python and gtk+ community (which includes me) also isn't the right track. That community has no such focus (they don't want to care about the same issues that the server software developers have to care about -- like, but not only, security).

You also don't know what security problems future releases and new features might introduce. Nor does that community pay a lot of attention to that.

Integration is Ubuntu's task. Making sure it's at least a little bit secure, too.

But feel free to close this bug and ignore it. Time and an almost certain exploit will be your judge.