
launchpad-dev team mailing list archive

Re: Quickly and Launchpad

 

On Mon., 2010-07-12 at 13:04 +0200, Martin Pool wrote:
> On 12 July 2010 12:53, Leonard Richardson
> <leonard.richardson@xxxxxxxxxxxxx> wrote:
> > It's no secret that I think the desktop credential management app,
> > although superior from a UI standpoint, is insecure. Up to this point
> > the counter-argument has prevailed that malicious client code on an
> > Ubuntu desktop is rare, so we shouldn't worry about it.
> 
> That is true but to me the main point is that if there is malicious
> code running within your desktop machine, you have bigger problems
> than your Launchpad account.
> 
> > I think this
> > counter-argument has an additional premise that has just been revealed:
> > malicious client code on an Ubuntu desktop is rare, *and if it does
> > exist, the worst it can do is screw up your own system/Launchpad
> > account*. With GRANT_PERMISSIONS plus the ability to upload GPG keys,
> > once malicious code gets on an Ubuntu system it can easily infect
> > thousands of other systems.
> 
> Can you unpack the logic there?  Do you mean that if malicious code
> gets onto an Ubuntu system of a user who can write to the main archive
> or a popular PPA, it can propagate to thousands of other machines?
> That is true, but orthogonal to whether there is an API to manipulate
> credentials.
> 

I pretty much agree with this. Just to note as well that Quickly generally
uses the "Change Anything" (I don't really know which permission this is
related to). The extra permission for pushing gpg/ssh/create ppa would
generally be only on first release if the user doesn't have them
(Quickly first checks if you have a corresponding gpg/ssh key locally
matching one uploaded to Launchpad) and that the ppa exists. So, an
extra time for this case isn't so shocking to me even if the user will feel
that it's less integrated.

Didier



