Your Article is Incorrect: Linux Magazine
April 14, 2009
- Your Distro is Insecure: Ubuntu
In my opinion, this piece is a bit of sensational journalism targeted at the Ubuntu Server.
sensationalism: the notion that media outlets often choose to report heavily on stories with shock value or attention-grabbing names or events, rather than reporting on more pressing issues to the general public
I believe that this article was more about generating attention than improving distro security or the Linux ecosystem. To achieve the latter, one could easily file bugs and discuss the issues on any one of several mailing lists, forums, or IRC.
Update: Linux Magazine has assured me that the Novell/Microsoft advertisement is a coincidence, so there’s no deeper conspiracy theory here, as suspect as it looks. I have also been assured that this article was not meant to pick on Ubuntu, but that this would be the first in a series of articles about insecurities introduced by distros in the interest of easier install processes.
We, the Ubuntu distribution, are leading the industry in a number of areas of Linux security. 8.10’s encrypted-private feature (shown on the first page of his article) is unique among all Linux distributions, and 9.04’s encrypted-home extends the functionality even further. As far as I’m aware, this is the first Linux distribution to provide seamless, per-user home directory encryption in the installer.
As of 9.04, if you choose to encrypt your home directory, it has 700 permissions. And if not, yes, your home directory is perm’d 755, with an option to create an encrypted Private directory, perm’d 700. These design choices delicately and intelligently toe the line between security and usability.
The Ubuntu Security Team has engineered a secure toolchain and compiler flags, by which all Ubuntu packages are built. These carefully constructed options affect nearly all packages built and hosted in the official Ubuntu archives, and have eliminated several classes of classic security vulnerabilities.
For the more paranoid, the Ubuntu kernel provides administrators with both Mandatory Access Control (MAC) models enabled and available at their discretion–AppArmor by default, as well as SELinux. And ufw (the Uncomplicated Firewall) is a truly elegant solution for administrators to control network access.
Finally, the author’s arbitrary “grades” against Ubuntu are, in order: A-, B, A-. Is this really enough to justify a sensational headline in an otherwise respected Linux publication?
These sound like 3 reasonable wishlist bugs filed in Launchpad.