While I agree that 'solving' malicious exploitation of a security hole by turning a gaping time-window into a millisecond race-condition is bad news... and hope that the fine folks doing the security work on Mir realize it too... what are your feelings on rm rf prophylactics? http://serverfault.com/a/337098 While arguably things like --preserve-root being on by default will in no way increase security, in the hard-nosed sense of Security Versus Malicious Adversaries, I would still say that they are a Good Thing, because they might keep the enduser from accidentally blowing their own foot off.
Canonical's bugfix is intended to address the blow-your-own-foot-off aspect, i.e. the chance that a real-life non-malicious enduser might have skype open, and then flop over to ctrl+alt+f2, jam in their uid enter passwd enter, and then later notice (or fail to notice) they just compromised their own box. Calling this 'fixed' is definitely moving the goalposts, sure, but it is also true, more or less, if you are just talking about non-malicious endusers. Whether to re-open the existing bug-num, to solve the race-condition-against-malicious-app aspect, or to open that as a new bug-num, is simply semantics.
p.s. What would be a *real* fix for the VT switching security flaw? Our host mjg suggests that Canonical's design decisions, that concentrate on the phone use-case at the expense of the desktop use-case, have screwed them over. Part of the reason they don't have multi-head support working right is because smartphones usually only have one screen (sigh... maybe the forgot tablets with hdmi-out jacks?), and part of the reason that VT switching was broken in the first place is that phones don't usually provide ctrl+alt+f2, and now part of the reason that VT switching is still a concern when you talk about malicious adversaries is because canonical made a design choice that works for phones... but not as well for desktops. Maybe they can more permanently fix the problem, or maybe they are stuck with a band-aid.
p.p.s. By contrast, what would be the *real* fix to rm rf? Automated versioned backups of the filesystem (RAID is not good enough in this case -- or in general for any case where you need actual backups -- because rm rf will span your raid volumes just as easily as it will wipe a single drive partition). That is quite obviously a hard problem. So instead we get --preserve-root, the band-aid.
p.p.p.s. And Now For Something Completely Different.... here is another blast from the past. http://betanews.com/2007/12/04/mpaa-s-student-p2p-sniffer-pulled-over-copyright-issues/ Being from ye olde year of our laird two thousand ought seven, there is no Mir stuff , but there is juicy mjg and xubuntu stuff. Did the changes made by the unnamed hired mpaa guns ever get released under GPL? Did the uSpywareToolkit truly die in 2007, or did it return in a new cloak? The news cough*infotainment*cough articles just mention the irony of the sit, and then never do any followup. Okay, okay, back on topic.
Re: accidentally compromising your own passwd, vs malicious mir-hog getting your passwd
Canonical's bugfix is intended to address the blow-your-own-foot-off aspect, i.e. the chance that a real-life non-malicious enduser might have skype open, and then flop over to ctrl+alt+f2, jam in their uid enter passwd enter, and then later notice (or fail to notice) they just compromised their own box. Calling this 'fixed' is definitely moving the goalposts, sure, but it is also true, more or less, if you are just talking about non-malicious endusers. Whether to re-open the existing bug-num, to solve the race-condition-against-malicious-app aspect, or to open that as a new bug-num, is simply semantics.
p.s. What would be a *real* fix for the VT switching security flaw? Our host mjg suggests that Canonical's design decisions, that concentrate on the phone use-case at the expense of the desktop use-case, have screwed them over. Part of the reason they don't have multi-head support working right is because smartphones usually only have one screen (sigh... maybe the forgot tablets with hdmi-out jacks?), and part of the reason that VT switching was broken in the first place is that phones don't usually provide ctrl+alt+f2, and now part of the reason that VT switching is still a concern when you talk about malicious adversaries is because canonical made a design choice that works for phones... but not as well for desktops. Maybe they can more permanently fix the problem, or maybe they are stuck with a band-aid.
p.p.s. By contrast, what would be the *real* fix to rm rf? Automated versioned backups of the filesystem (RAID is not good enough in this case -- or in general for any case where you need actual backups -- because rm rf will span your raid volumes just as easily as it will wipe a single drive partition). That is quite obviously a hard problem. So instead we get --preserve-root, the band-aid.
p.p.p.s. And Now For Something Completely Different.... here is another blast from the past. http://betanews.com/2007/12/04/mpaa-s-student-p2p-sniffer-pulled-over-copyright-issues/ Being from ye olde year of our laird two thousand ought seven, there is no Mir stuff , but there is juicy mjg and xubuntu stuff. Did the changes made by the unnamed hired mpaa guns ever get released under GPL? Did the uSpywareToolkit truly die in 2007, or did it return in a new cloak? The news cough*infotainment*cough articles just mention the irony of the sit, and then never do any followup. Okay, okay, back on topic.