System Overlord

A blog about security engineering, research, and general hacking.

Using Ubuntu to save at-risk youth

Nick Ali (boredandblogging) asked me to forward this on to the planets, and it's really quite worth it. Murray Wilson has a video about refurbishing older hardware through the use of Linux. Take a look:

The Apple Silo in Education

The other day at work, I was talking with our department's Drupal Developer and our campus's webmaster.  The question came up as to whether or not I saw a role for the iPad in a classroom environment, either at the University or K-12 level.  My initial answer was yes, but my longer answer was no, not the iPad.  A device similar to the iPad, but not it.

The iPad is a fully-integrated portion of the Apple silo: without violating the warranty and EULA, you cannot install any software not approved by Apple. "Jailbreaking" your device violates those agreements, and could never be done in the education setting. Accordingly, Apple has full control over the software you run on your device. For example, if they don't like a camera application that lets you use the volume button to take a picture, it's gone. Hopefully you don't want an app that helps you find wifi hotspots: the entire category has been banned.

It's bad enough that these applications have been banned, but at least you'd go into it knowing that you can't use those applications in your classroom setting.  What happens when an application you're using for your course is banned midway through the semester?  At least it's already on your device, right?  It is unless Apple pulls their kill switch.  Then you'd really be stuck.

The iPad form factor might have a place in the classroom, but iOS certainly does not. At least Android will openly allow you to install apps that weren't even obtained through its Market. Android also allows third-party marketplaces to exist. There's even direct install-from-web capability in the newer versions (app required).

Android aside, Ubuntu is releasing MID versions of its OS, so you could have a full-fledged operating system for your tablet device. And with Quickly, app development for Ubuntu is easier than ever.

Tablets may have a role in education, but I can't see the place for Apple's silo.

My Favorite Web Comics

Only yesterday I discovered the amazing webcomic Questionable Content. I don't know where I've been that I've missed the superior wit of Jeph Jacques, but it's worth a read for just about anyone. He's got over 1700 strips there, and I've read through the first ~900 in the past two days. Yes, it's that good. I've literally LOLed, which has led to Ann giving me several strange looks. But it's well worth it.

I figured I'd post a short list of my favorite webcomics -- I encourage everyone to check them out!

Why the risk of running as root is overblown

Please Note: This is only relevant to single-user desktop installations of Linux. The issues I will discuss here don't apply to servers. In fact, the exact opposite applies there.

"Don't run as root" is an oft-repeated mantra of *nix security. While I agree 100%, it matters less on the desktop than some would think. I'd like to point out why here. I still believe you shouldn't log in as root, but I also believe that it's up to each user to make their own decision.

Think about the data on your computer. What matters to you? E-mail? Documents? Images? Most of us have things like family photos, financial records, personal communications, saved passwords, or other sensitive or irreplaceable data. This is what we want to protect. When I back up my desktop, I back up my home directory. I don't back up my OS install, software, or anything else that is not private or difficult to replace. Think of this as the "important stuff."

So, let's talk about the important stuff. Which users have access to YOUR important stuff? Most likely, your own user and the root user. So, great, not running as root eliminates one of the two users that can access your files. But which user do you run as? Your own user. So it's pretty obvious that not running as root doesn't restrict access to the important stuff.

Need proof that your data is no safer under your own user? Think about running "rm -rf /" as root or as your own user. What happens to your data either way? It's gone. Don't run this, just think about it.

So what do you gain by not running as root? Well, your system is a lot less likely to be the victim of an ongoing compromise. As root, an attacker can modify your operating system to their liking. Think that's not much? Guess what: your ssh client now sends the username, host, and password for every system you connect to off to a server in China. Or maybe new files you create are uploaded to an anonymous file-sharing site on the internet. Perhaps every key you touch is recorded to grab usernames, passwords, credit card numbers, and your most personal conversations. Or maybe an attacker uses your computer as a middle man for downloading child pornography. That will be fun to explain to the FBI.

So, obviously some things need to run as root: system configuration tools, for example. However, running these using sudo limits your exposure to just these utilities, rather than the thousands (millions?) of lines of code in a full desktop environment.

In short, if you want to run as root on your desktop, go for it. But know the risks, and know the consequences. On the other hand, don't chant "don't log in as root" as if it's a magic bullet for security.

Ubuntu Server Features that need better integration

There are two substantial features present in Ubuntu Server (and desktop, though less often used) that are significant, but under-utilized. The first of these is the AppArmor framework. On my LAMP server, for example, only dhclient3, mysqld, and tcpdump have AppArmor profiles. OpenSSH and Apache are obvious candidates for AppArmor, as they are commonly exposed to public networks, and compromise of them could have a significant impact on a server. Edit: I missed some profiles here, but there is still no comprehensive profile for Apache or OpenSSH. Installing apparmor-profiles does improve things somewhat, but there is still much to be done.

The second tool is UFW (the Uncomplicated Firewall), for which my server has profiles for apache, dovecot, openssh, and postfix. While not everyone uses UFW, it's extremely straightforward to produce UFW profiles, so there's hardly any excuse for apps not including one.
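To show just how little a UFW application profile involves, here is an added example (not code from the original post or from the ufw project) that writes one such profile for a hypothetical service and checks its ports field before the file is dropped into /etc/ufw/applications.d/. The service name "exampled", its description and port 8443 are constructed values; the INI-style file format and the `ufw app update` / `ufw allow` subcommands are the ones ufw actually ships.

```shell
#!/bin/sh
# Added example, not part of the original post: build and sanity-check a UFW
# application profile for a hypothetical service ("exampled" on 8443/tcp are
# constructed values). Profiles live in /etc/ufw/applications.d/ and consist of
# a [Name] section with title, description and ports keys.

# Accept the port syntax ufw uses in profiles: comma-separated ports or
# low:high ranges, each group optionally suffixed with /tcp or /udp, and
# several groups joined by '|' (e.g. "80,443/tcp" or "137,138/udp|139,445/tcp").
ufw_ports_valid() {
    group='[0-9]+(:[0-9]+)?(,[0-9]+(:[0-9]+)?)*(/(tcp|udp))?'
    printf '%s\n' "$1" | grep -Eq "^${group}(\|${group})*\$"
}

# Write one profile file. Refuses to write when the ports field is malformed,
# so a typo is caught here rather than when ufw parses the directory.
ufw_write_profile() {
    name=$1; title=$2; desc=$3; ports=$4; out=$5
    ufw_ports_valid "$ports" || { echo "bad ports spec: $ports" >&2; return 1; }
    printf '[%s]\ntitle=%s\ndescription=%s\nports=%s\n' \
        "$name" "$title" "$desc" "$ports" > "$out"
}

# Read one key back out of a written profile (used to verify the result).
ufw_profile_get() {
    sed -n "s/^$2=//p" "$1"
}

# Register the profile with ufw and allow it, only where ufw is installed.
# 'ufw app update' re-reads applications.d; 'ufw allow <Name>' opens the
# ports the profile declares instead of a hand-typed port list.
ufw_apply_profile() {
    command -v ufw >/dev/null 2>&1 || { echo "ufw not installed; skipping" >&2; return 0; }
    sudo ufw app update "$1" && sudo ufw allow "$1"
}

# Demo on a temp file so it runs without root or ufw present.
demo_file=$(mktemp)
ufw_write_profile exampled "Example daemon" "Hypothetical HTTPS service" "8443/tcp" "$demo_file"
cat "$demo_file"
```

Copying the generated file to /etc/ufw/applications.d/exampled (as root) and then running `ufw app info exampled` shows the parsed entry; the `ufw_apply_profile` function is the only part that needs privileges, which is why the validation is kept separate from it.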

I'm not completely certain how the UFW rulesets are included in a package. Once I've dissected this, I'll be producing UFW rulesets and filing bugs against packages to include them. I don't feel that I have enough AppArmor expertise to produce profiles that are of quality to be redistributed, so I can only encourage package maintainers to examine the benefits of AppArmor for their package.