Let EasyUbuntu run as user

Bug #49246 reported by Kyle Brooks
Affects: EasyUbuntu
Status: Fix Released
Importance: Medium
Assigned to: api.ng

Bug Description

We should let EasyUbuntu run as user, and disable the OK button until the user gives permission to install software using EasyUbuntu. This is good for the following reasons:
  * (this is an entirely unlikely case, although it can happen!) If someone gives a user a link to his own modified version of EasyUbuntu which contains "malicious code", the code cannot damage the entire system, only the user's home directory and all files/directories which the user owns.
  * we can explain to the user why they need to give permission to install software
  * not very user friendly to see a dialog pop up at them on every start up of EasyUbuntu

KarlGoetz (kgoetz) wrote :

Agree to a greater or lesser extent with each point.

Changed in easyubuntu:
importance: Untriaged → Medium
status: Unconfirmed → Confirmed
Kyle Brooks (kyle-brooks) wrote :

After discussion with KK, I've decided to let the user click OK, and get a configuration/permission dialog. Easier this way...

Kyle Brooks (kyle-brooks) wrote : Patch

This patch lets EasyUbuntu run as a user.

Kyle Brooks (kyle-brooks) wrote :

Fixed in revision 221

Changed in easyubuntu:
status: Confirmed → Fix Committed
John Moser (nigelenki) wrote :

* (this is an entirely unlikely case, although it can happen!) If someone gives a user a link to his own modified version of EasyUbuntu which contains "malicious code", the code cannot damage the entire system, only the user's home directory and all files/directories which the user owns.

Nah, I'll just keep going right up to "click ok," and then once the user enters his password I'll execute the malicious code. You lose.

Face it, any account that you sudo or su from ever is a root account with training wheels. If a malicious script lives in that account, it has root access (or at least you can code said script to pick up root access opportunistically).

* we can explain to the user why they need to give permission to install software

The user doesn't care.

* not very user friendly to see a dialog pop up at them on every start up of EasyUbuntu

This is the only real argument.

Kyle Brooks (kyle-brooks) wrote :

given to robotgeek for qt

Changed in easyubuntu:
assignee: nobody → venkatvc
status: Fix Committed → In Progress
Kyle Brooks (kyle-brooks) wrote :

handing over to 3.2

Venkat Raghavan (venkatraghavan) wrote :

Does this not conflict with the way we handle the System Sanity Check? It appears to me that we ask the user for password early on anyways, so I don't see the point in implementing this. What am I missing? :)

Venkat Raghavan (venkatraghavan) wrote :

Also our deb completely overrides this. (removes the code for checking if root is running).

Changed in easyubuntu:
status: In Progress → Needs Info
Cafuego (cafuego) wrote :

Only in 3.0.

The 3.1 deb runs as user and prompts for passwords as needed.

api.ng (hektve) wrote :

/***

Changed in easyubuntu:
assignee: Venkat Raghavan (venkatraghavan) → HECTOR DAVID (hektve)
status: Incomplete → New
api.ng (hektve)
Changed in easyubuntu:
status: New → Fix Released