How secure is the appearance of Ubuntu Update Manager?
Rajinder Yadav
devguy.ca-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Tue Oct 6 01:11:03 UTC 2009
Mel Wilson wrote:
> News of a slow bruteforce attack
>
> http://bsdly.blogspot.com/2009/10/third-time-uncharmed.html
>
> on Linux root accounts brought on an outbreak of paranoia -- in this
> chair, anyway.
>
> Since I upgraded to Ubuntu 9.04, Update Manager no longer sets an icon
> on the taskbar when it finds available updates; it opens a window
> directly on the desktop listing the upgrades, and when I click to start
> the process, prompts for my sudo password. It occurs to me that I'm not
> at all sure that this new window is really Update Manager, rather than
> something from, say, ECMAScript in a browser.
>
> I couldn't find a preference to restore the old (icon on taskbar)
> behaviour, but, on second thought, the appearance of a process from
> wherever on the taskbar is no more or less evidence of a secure origin
> that the appearance of a window on the desktop.
>
> I guess the sane workaround is to kill the auto-started process and
> start Update Manager by hand from the System menu.
>
> Mel.
> --
> The Toronto Linux Users Group. Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
>
If you're really paranoid, you might want to add yourself to the ubunutu mailing
list that announces security alerts and updates. Fro updates do it from the
shell (if you don't trust who's presenting the the GUI password manager).
$> sudo apt-get update
$> sudo apt-get upgrade
you will be prompted to enter you admin password once
if you don't want to be prompted to select yes during the update you can type
the 2nd command with the 'assume yes switch'
$> sudo apt-get -y upgrade
he upgrade actually start the update, it's doesn't upgrade your system to the
next version in the sense of new OS, and the update actually updates the
database to determine what's changed so the 2nd command can start to download
and install the right stuff
hope that helps your paranoia, until someone hijacks your shell ;)
--
Kind Regards,
Rajinder Yadav
http://DevMentor.org
Do Good ~ Share Freely
--
The Toronto Linux Users Group. Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
More information about the Legacy
mailing list