Security design flaw with "default" x-windows login behaviour

Fri Nov 19 19:43:17 CST 2004

On Fri, 19 Nov 2004 19:51:35 -0500, Dmitriy Kropivnitskiy
<nigde at mitechki.net> wrote:
>  Don't you think it is a little silly complaining about such an issue, since
> you set your display manager to automatically login your user after 60
> seconds without asking for a password. So, if someone tries to access your
> box, they might try to enter wrong user name and password, but if they just
> wait, they would still login as you. I really do not see this as a security
> flow, since by enabling the automatic login you have made your system
> inherently vulnerable for a person with physical access to the system. 

No, I do not think it is silly, otherwise I wouldn't have posted the
suggestion, right?

The reason I posted is this:

"The Ubuntu community is built on the ideas enshrined in the Ubuntu
Manifesto: that software should be available free of charge, that
software tools should be usable by people in their local language and
despite any disabilities, and that people should have the freedom to
customize and alter their software in whatever way they see fit."

I interpret "should be usable by people in their local language and
despite any disabilties" as meaning that the software should be usable
by _as many people as possible_, and would also interpret "disability"
to mean "lack of technical knowledge". There are enough distros out
there that are designed for technical experts (dare I say, nearly all
of them) that this is a worthwhile goal.

And, for software to be usable IMNSHO, DEFAULT settings ought to be
useful to as many non-technical people as possible, and be security
conscious. Technically-minded people have the knowhow to modify
settings. & before someone responds by saying that there are already
OSes for non-technical people and that they're Windows or Mac, please
keep in mind that just because GNU/Linux is open source it DOES NOT
mean that a distro (Ubuntu in this case) has to be intimidating to
non-technical users (i.e. someone who doesn't know how to modify a
.conf file, or even modify a preferences pane).

Having a blank password send you into the default account, regardless
of what's entered in the user name field is an illogical solution.

Auto-login in-and-of-itself is not at all an insecure option since
people with physical access still do not have access to (a) the
login's password and (b) any restricted apps/configuration files/other
users' files on the computer. All the standard security restrictions
apply, so if you have a public login account, people still will not
have access to areas on the computer they shouldn't.

It allows a computer to be usable by anyone whilst allowing specific
users to have their own logins _as well_ (a good and secure solution
for a shared environment).

Since Canonical/Ubuntu is trying to create a "usable" distro it seems
to me that one of the ways of achieving this is by having "defaults"
set to logical and usable settings (the software is pretty robust and
high quality now... a distro could go a long way by merely configuring
the settings appropriate to non-technical users... but, this also
leaves technically-minded users with the ability to configure Ubuntu
to their heart's desire (one of the other ideals of the distro...
though, I'd argue that usability and "despite any disabilities" should
be paramount since configurability is a hall-mark of _all_ GNU/Linux
distros)).

Anyhow, this is a developers list & I'm sure you're all familiar with
the goals of the distro (though, I suspect that different people place
different values articulated by Canonical... e.g. as a Mac user from
day 1 (literally... 1984... NINE years before Windows 3.1 managed to
get up to Mac 1984 usability standards) usability and USER control are
most important (it puts a greater burden on the developer to figure
out what it is that users would like to control but in the end it
results in a better and more productive computing experience)).

Eric.