Discussion in 'Article Discussion' started by Gareth Halfacree, 22 Feb 2016.
What is the inherent security flaw in storing user details with iso?
Bzzt. It's a mining term: hitting the principal vein of an ore or mineral, literally the 'mother' 'lode'.
Not sure I understand the question. Do you mean the inherent issue with storing the MD5 hashes with the ISOs? If I have access to replace the ISOs with my malicious versions, I also have access to replace the hashes that are supposed to warn you if I've replaced the ISOs. If the hashes were on a different server, I couldn't do that; I could replace the ISOs, but when you check your download against the hashes (which nobody ever does) you'd be warned that the file had been tampered with.
Putting the hashes on a separate server (or on a part of the same server to which the web server process doesn't have write access, at a minimum) is basic security. Better security, to which I allude in the article, is getting rid of hashes altogether in favour of cryptographic signatures. Anybody can make an MD5 hash (it's literally one command: md5sum filename); only the Linux Mint release team would have the private key required to GPG-sign the ISOs.
You'd still have the problem that nobody would check said signature, of course, but hey: what can you do?
Oh, look, it's Phil. Hi, Phil. Just a friendly warning: this thread is for comments on the news article. Any trolling or posting off-topic, especially about any general issues you may or may not have with Linux and/or those who use or develop Linux, will be deleted; persistent posting contrary to these rules will result in your being reported to the moderation team for a cooling-off ban. Have a lovely day!
I thought that was "motherlode"
D'you know, so did I - but Proper English spell-check and Google both have it as two separate words, so who am I to argue?
Phil - your PM conduct towards Gareth is, quite frankly, utterly distasteful. Please, take a week off to have a think about it. Ta-ra for now!
While you're off, have a read of the rules. They're not optional!
You shouldn't understand the question because I misread the article and thus asked a malformed question. I seem to be turning my Derp up to 11 today.
While the question was wrong, was my answer right? 'Cos, if so, that's going in the 'Notable Achievements' section of my CV.
I thought that they were being criticised for storing user details with the ISOs. But that's neither what happened nor what they were criticised on.
I learned something from your answer though. I haven't heard of cryptographic hashes used as secure verification before, and it's a valid point on keeping the hashes with the ISOs.
This security issue has me concerned. As someone who was planning to make the change to Linux (Mint) in a few months and not knowing much about the security of an OS, I read a comment on another site reporting this that the Linux Mint team have it backwards (their words) when it comes to security, preferring compatibility over security.
Are these major failings in its security a reflection on the OS itself?
Perhaps it's the old tradeoff between security and convenience coming into play.
I never got what mint offers over Ubuntu apart from cinnamon as the default UI. Why is Mint considered more user friendly or favourable?
Gareth, I should think that you could make the installer check the signature file, which should contain a hash of the media, and if the signature isn't correct or media fails to match the contained hash it shouldn't install.
This would obviate the requirement of the end user, who might be an MS Windows user, to check either the signature or the MD5 hash.
Cinnamon was going to be the flavour (no pun intended) I was going to plump for; going on what I've read and seen, it looks to be less of a jarring transition from the world of Windows. The last thing I want when learning about a new OS is to be fighting an unfamiliar GUI.
I kind of ruled Ubuntu out as I read it has a propensity of going down a similar route as Apple and Microsoft of a walled garden, data gathering, and dictating to users how they should use their OS.
Yeah I guess canonical are doing that a bit. They are disregarding wayland to make their own display server. Which is a bit walled gardeny. But I'd imagine you would end up with that in Mint as well when it arrives.
The most egregious thing is the ads, but that can easily be turned off.
You should check out elementary OS. It's the nicest-looking Linux interface IMO.
Sadly, this won't work: you're suggesting that the installer be trusted to verify its own validity. Where did we get the installer from? The suspicious ISO. It'd be the work of moments for the attacker to patch the installer to say "yup, everything checks out, no Trojans here governor." Same issue with the hash: where is it getting the hash from?
The only way is for people to get used to verifying the signature manually using their own software - which is fine for nerds like us and completely useless for Aunt Mavis.
Internally at Mint (or any other software vendor), what should be happening is an automated system on multiple independent servers that verifies any ISO upload against a public key. No signature, or an invalid signature? The team is alerted and the files don't get made available. It goes without saying, of course, that this system should not rely on WordPress, which has been harshly but not inaccurately referred to as a great remote shell with a mediocre CMS on top (and if they do use WordPress, for goodness sake keep it and everything else patched and updated!)
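The two points made in this thread, that anyone can regenerate an MD5 file sitting next to the ISO but only the holder of the release key can produce a valid signature, and that a publish gate should refuse any upload without a valid signature, as an added worked example. This is not code from the thread or from the Linux Mint project; the RSA in it is a deliberately small, unpadded textbook version, assumed only to make the public/private asymmetry visible, and the "server", ISO bytes and attacker are constructed for the demonstration. Real releases are verified with OpenPGP (`gpg --verify`), not with this.

```python
"""Added example (not from the thread or the Linux Mint project): a checksum
hosted beside the ISO fails once the server is compromised; a signature made
with a key the attacker does not hold does not.  Also models the upload gate.
The RSA is toy-sized and unpadded, purely to show the asymmetry."""
import hashlib
import secrets


def _is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test (helper for the toy key generator)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(cand):
            return cand


def keygen(bits=256):
    """Toy RSA key pair (assumed size, never use in production): (n, e), (n, d)."""
    e = 65537
    while True:
        p, q = _random_prime(bits), _random_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is gcd(e, phi) == 1
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))


def _digest_int(data):
    # SHA-256 digest as an integer; always < n because n is at least 510 bits
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(private_key, data):
    n, d = private_key
    return pow(_digest_int(data), d, n)


def verify(public_key, data, signature):
    n, e = public_key
    return pow(signature, e, n) == _digest_int(data)


def check_colocated_md5(server):
    """What most people do: compare against the md5 file served beside the ISO."""
    return hashlib.md5(server["iso"]).hexdigest() == server["md5"]


def check_separate_hash(server, trusted_sha256):
    """Hash fetched from a host the attacker cannot write to."""
    return hashlib.sha256(server["iso"]).hexdigest() == trusted_sha256


def gate_upload(release_pubkey, iso, signature):
    """Automated publish gate: only a valid release-key signature lets the ISO out."""
    if signature is None or not verify(release_pubkey, iso, signature):
        return "alert"      # wake the team, leave the file unpublished
    return "publish"


def run_scenario():
    """Constructed compromise: the attacker has write access to the download server."""
    release_pub, release_priv = keygen()
    genuine = b"constructed stand-in for a release ISO"
    trusted_sha256 = hashlib.sha256(genuine).hexdigest()   # held on a separate host
    server = {"iso": genuine,
              "md5": hashlib.md5(genuine).hexdigest(),
              "sig": sign(release_priv, genuine)}
    # attacker swaps the ISO, rewrites the md5 file, and signs with a key of their own
    evil = genuine + b" + backdoor"
    _, attacker_priv = keygen()
    server.update(iso=evil, md5=hashlib.md5(evil).hexdigest(), sig=sign(attacker_priv, evil))
    return {
        "colocated_md5_passes": check_colocated_md5(server),                  # True
        "separate_hash_passes": check_separate_hash(server, trusted_sha256),  # False
        "signature_passes": verify(release_pub, server["iso"], server["sig"]),  # False
        "upload_gate": gate_upload(release_pub, server["iso"], server["sig"]),  # "alert"
    }


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The first result is the whole problem: the co-located MD5 check passes on the trojaned file, because the attacker rewrote the checksum file with the same access they used to swap the ISO. The separate-host hash and the signature both fail, and the upload gate refuses to publish, which is the behaviour the automated verification described above is meant to give.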
I've used Ubuntu since 8.04 and I can say that Ubuntu is no walled garden on the scale of Microsoft/Apple. Every search and data gathering feature can be switched off with a few clicks. In addition, in the next version (Ubuntu 16.04), all the online search features will be disabled by default.
There's nothing about FLOSS that forces Canonical to adopt Wayland. In the opinions of many, it may be easier if they had. I personally think choice is good and if they later regret the decision, I'm sure Canonical will make the right decision and adopt Wayland if necessary. Any other Linux distro is free to use Mir as a display server if they so please. I've yet to see anything "walled gardeny" distributed with a GPLv3/LGPLv3 license.
So this wouldn't affect the ISOs available via torrent?
I've always loved Mint; it just seems so easy to navigate, mod, use, etc. Once I've got my hardware issues sorted and have some free time, I have to try elementary OS and SuSE.
Of course, doing your own display server is not against FLOSS. Ubuntu is one of the most popular distros, and because of that, going with their own display server may lead to program compatibility issues between distros. We could end up with Mir-only programs or Wayland-only programs or, worse, cross-platform programs that end up using some X compatibility, which would be a step backwards. I hope that won't be the case, but if it is then that, to me, would be a bit walled-gardeny.
FLOSS and walled garden are not mutually exclusive concepts BTW.
It looks very Mac'ish doesn't it.
Yes, I understand it's nowhere near the scale of Microsoft/Apple. It's just, for me personally, that the very fact they include things like online search, advertising and those sorts of things is an indication of their intentions. That's not to say they're going to force those things on people in the future like Microsoft & Apple; it's just that I personally don't agree with that kind of ethos.
AFAIK it wouldn't, as once a torrent's in circulation it's impossible to alter without changing the hash.