How secure is the appearance of Ubuntu Update Manager?

Rajinder Yadav devguy.ca-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Oct 6 01:11:03 UTC 2009 

Mel Wilson wrote:
> News of a slow bruteforce attack
> 
> http://bsdly.blogspot.com/2009/10/third-time-uncharmed.html
> 
> on Linux root accounts brought on an outbreak of paranoia -- in this 
> chair, anyway.
> 
> Since I upgraded to Ubuntu 9.04, Update Manager no longer sets an icon 
> on the taskbar when it finds available updates; it opens a window 
> directly on the desktop listing the upgrades, and when I click to start 
> the process, prompts for my sudo password.  It occurs to me that I'm not 
> at all sure that this new window is really Update Manager, rather than 
> something from, say, ECMAScript in a browser.
> 
> I couldn't find a preference to restore the old (icon on taskbar) 
> behaviour, but, on second thought, the appearance of a process from 
> wherever on the taskbar is no more or less evidence of a secure origin 
> that the appearance of a window on the desktop.
> 
> I guess the sane workaround is to kill the auto-started process and 
> start Update Manager by hand from the System menu.
> 
>     Mel.
> -- 
> The Toronto Linux Users Group.      Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
> 

If you're really paranoid, you might want to add yourself to the ubunutu mailing 
list that announces security alerts and updates. Fro updates do it from the 
shell (if you don't trust who's presenting the the GUI password manager).

$> sudo apt-get update
$> sudo apt-get upgrade

you will be prompted to enter you admin password once

if you don't want to be prompted to select yes during the update you can type 
the 2nd command with the 'assume yes switch'

$> sudo apt-get -y upgrade

he upgrade actually start the update, it's doesn't upgrade your system to the 
next version in the sense of new OS, and the update actually updates the 
database to determine what's changed so the 2nd command can start to download 
and install the right stuff

hope that helps your paranoia, until someone hijacks your shell ;)

-- 
Kind Regards,
Rajinder Yadav

http://DevMentor.org
Do Good ~ Share Freely
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists

More information about the Legacy mailing list