[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Ayatana] Possible security risk with update-manager
- To: Ayatana List <ayatana@xxxxxxxxxxxxxxxxxxx>
- Subject: [Ayatana] Possible security risk with update-manager
- From: "Paulo J. S. Silva" <pjssilva@xxxxxxxxxx>
- Date: Wed, 18 Nov 2009 18:58:27 -0200
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:received:date :x-google-sender-auth:message-id:subject:from:to:content-type :content-transfer-encoding; bh=Ps9vF6ntjI/q/6SKDFqL8/dT/Y4zMibZspDM8C395Lo=; b=pnioYHJDbASHOQIWfOS2keHIxIfg3iPrF++aEYuEHYF6PRtXAFbcbgYlQVVgkQ+tT4 nz8LCOunKKykJBbwxC+jlRcBstZTPALBXctLt8Qp7k/y/oQHHPiEu3hleDt74MktpcFD vtkbd54w95WxCrqNjCt3HQiElqP2lGI+2iEww=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:date:x-google-sender-auth:message-id:subject :from:to:content-type:content-transfer-encoding; b=HQ8KpiBEGNe6lB3Ng4+c82mTAIwRaew4Xple8vf16vidn1/hNFi67qX7/HsNYxWhwC F3UFW1XPNPCDFihz/Uw19jk5NX4tdGTolhiS1lRAAEapgj4Us+K653ROUte1DsXG4w4Z vl3MCwBZD4MJR9cPpCivOwWZ6iO9qzfziVlrE=
- List-archive: <http://lists.launchpad.net/ayatana>
- List-help: <https://help.launchpad.net/ListHelp>
- List-id: <ayatana.lists.launchpad.net>
- List-owner: <https://launchpad.net/~ayatana>
- List-post: <mailto:ayatana@lists.launchpad.net>
- List-subscribe: <https://launchpad.net/~ayatana>
- List-unsubscribe: <https://launchpad.net/~ayatana>
- Sender: pjssilva@xxxxxxxxx
Hello,
I am coming back to an old subject, but with new information.
There is a huge "Won't fix" bug concerning the pop-up/under behavior
of update manager since 9.04:
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/332945
Recently one of the people that insist to keep the bug alive (like
me), made a dirty simple mockup of a page that would present itself as
the update manager and ask for the administration password. See
https://bugs.launchpad.net/ubuntu/+source/update-notifier/+bug/332945/comments/456
Note that even though this mockup is very crude and can easily be
recognized due to the outer browser window in the pop-up, it should
raise some eye browns. Just imagine a more sophisticated page using
flash to draw a windowless fake update-manager window and capture the
password (can flash send information to a server?).
I now truly believe that the behavior of having a administration
window popping up (or under) without the explicit user request may be
viewed as a possible security flaw. Naive users, once used to this
behavior, can start accepting fake window that appear during browsing.
It would be much easier to tell the user: never give a password unless
you started a workflow where you already knew that a password would be
required. This sounds like common sense. With the new update-manager
we can not say that to the users anymore.
I know that this is not a exactly a usability problem but it was
caused by a usability decision. Shouldn't we ask some security experts
in canonical at least to comment on this?
best,
Paulo
Obs: I have sent this email before using my gmail address and it seems
it did not pass through, I am resending it now using the email address
that I use in launchpad. If a double post happens, please I beg your
pardon.
--
Paulo José da Silva e Silva
Professor Associado, Dep. de Ciência da Computação
(Associate Professor, Computer Science Dept.)
Universidade de São Paulo - Brazil
e-mail: pjssilva@xxxxxxxxxx Web: http://www.ime.usp.br/~pjssilva
--
Paulo José da Silva e Silva
Professor Associado, Dep. de Ciência da Computação
(Associate Professor, Computer Science Dept.)
Universidade de São Paulo - Brazil
e-mail: pjssilva@xxxxxxxxxx Web: http://www.ime.usp.br/~pjssilva