Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby clem on Wed Jun 11, 2008 4:51 pm

A very important bug has been found in mintAssistant 2.4 which was released as part of Linux Mint 5 Elyssa.

Explanation

When the root password is not set, the root account is still active, and rather than this consequently preventing any root login, it actually means you can log in as root without any password at all.

Cause

This regression is due to a change in behavior in passwd from Gutsy to Hardy and a request from the community after RC1 was released not to lock the root account (so that "sudo su -" is still possible).

Solution

- A fix has been released in mintAssistant 2.5. When you select not to use the root password, the root account is now given a randomly generated password.
- The ISO images for both the Main and Light Editions will be rebuilt to include this fix.

What you need to do

- Upgrade mintAssistant to version 2.5.
- Launch mintAssistant and choose whether you want to set a root password or not. If you choose not to, a random password will be assigned for you.

Edit by Husse//
I strongly recommend that you set a root password. If you don't, you will not be able to use "Recovery mode", which is a powerful helper when things go wrong.
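A check for the condition described in the announcement above, added here as an example and not part of the original post or of mintAssistant: it reads shadow(5)-format entries and separates accounts with an empty password field from locked accounts and accounts with a stored hash. It assumes the problem shows up as an empty second field for root; the sample entries and function names are constructed for illustration.

```python
import sys

# Constructed sample in shadow(5) format (name:password:lastchg:...); not from a real system.
SAMPLE_SHADOW = """\
root::14041:0:99999:7:::
daemon:*:14041:0:99999:7:::
alice:$6$constructedsalt$constructedhash:14041:0:99999:7:::
backup:!:14041:0:99999:7:::
bob:!$6$constructedsalt$constructedhash:14041:0:99999:7:::
"""


def classify(password_field):
    """Map the second shadow field to EMPTY, LOCKED or SET."""
    if password_field == "":
        return "EMPTY"    # no password stored for the account
    if password_field[0] in "!*":
        return "LOCKED"   # not a valid hash, so no password can match
    return "SET"          # a password hash is stored


def audit(shadow_text):
    """Return {account: state} for every well-formed entry."""
    states = {}
    for raw in shadow_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2 or not fields[0]:
            continue      # malformed line, skip rather than guess
        states[fields[0]] = classify(fields[1])
    return states


def passwordless_accounts(shadow_text):
    """Accounts whose password field is empty, sorted by name."""
    return sorted(n for n, s in audit(shadow_text).items() if s == "EMPTY")


if __name__ == "__main__":
    # Pass a path such as /etc/shadow (needs root); otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            text = fh.read()
    else:
        text = SAMPLE_SHADOW
    for name, state in audit(text).items():
        print(f"{name:10} {state}")
    sys.exit(1 if passwordless_accounts(text) else 0)
```

An EMPTY result for root is the state this notice is about; once a root password or the random password from mintAssistant 2.5 is in place, root shows as SET.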
 

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby Lantesh on Wed Jun 11, 2008 5:05 pm

Clem,

I just wanted to let you know that mintUpdate still does not always show updates unless I open it, wait for it to do its check, and then hit refresh again. After doing this mintAssistant 2.5 did indeed show up. In general I do still have to do this each time to see what updates are available.

Might I request that after you have posted the new .iso file for Mint 5 that you announce it in this thread as a follow up? Once it's ready I would like to download it again so my CD is up to date without this security flaw.

By the way I'm impressed that you found this and have a fix so quickly, considering it's only been a few days since launch. Thank you so much.

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby clem on Wed Jun 11, 2008 6:04 pm

Hi,

The two ISOs are now ready. I'll just pass them through some basic tests before uploading them to the server. They should be uploaded tomorrow during the day and from there picked up by the mirrors up to 48 hours later.

Clem.

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby trod on Wed Jun 11, 2008 7:05 pm

How do you launch mintassistant?
Thanks

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby exploder on Wed Jun 11, 2008 7:12 pm

Go to > Control Center > System > mintassistant

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby trod on Wed Jun 11, 2008 7:36 pm

Thanks, but I removed it first before installing 2.5 and now it doesn't show on that menu. Any other way to launch it?

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby kenetics on Wed Jun 11, 2008 7:37 pm

So are you saying if you HAVE set a root password there is no problem?

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby exploder on Wed Jun 11, 2008 7:47 pm

trod, right click on the menu and choose "Reload Plugins", that should get the menu item to appear.

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby tawan on Wed Jun 11, 2008 9:30 pm

fix is easy to do and worked for me

thanks Clem (and Cathbard)

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby matheos on Wed Jun 11, 2008 9:55 pm

Since I have installed the last version of mintAssistant 2.5 in Elyssa, I don't need any password at all to use the "sudo" command......to do....whatever I want :|

I think that it was not like that before...

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby cathbard on Wed Jun 11, 2008 9:58 pm

kenetics wrote: So are you saying if you HAVE set a root password there is no problem?

That's exactly what he's saying. The bug occurs when you don't set a root password in mint assistant 2.4

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby eeezzzeee on Wed Jun 11, 2008 10:14 pm

Other than at install I have never actually used mintassistant. Is this something that I can remove, or is it an integral part of the distro?
I added a root password and it accepted it, and then I clicked on mint assistant again to see what it did, and it asked me if I wanted to enable a root password.

*edit-
After a reboot it asked me for my user password to get into the mintassistant
Last edited by eeezzzeee on Wed Jun 11, 2008 10:46 pm, edited 2 times in total.
"If it's stupid and it works.... it's not stupid"

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby matheos on Wed Jun 11, 2008 10:32 pm

Post by matheos on Wed Jun 11, 2008 8:55 pm
Since I have installed the last version of mintAssistant 2.5 in Elyssa, I don't need any password at all to use the "sudo" command......to do....whatever I want :|

I think that it was not like that before...
Correction: it's because I did sudo su one time before..... but I really have to do a complete reboot before I have the password request again on a sudo command

If I log out and log back in, the bug is still there... but not in a tty (CTRL+ALT+F1)

I have two zombie processes (gnome-terminal and sh). I'm not able to kill them even with the kill -9 command; probably the source of the bug

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby badmotor on Thu Jun 12, 2008 2:17 am

I have also had my mint assistant disappear - tried 'reload plugins' and it still didn't come back.

Any ideas?

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby Sakonim on Thu Jun 12, 2008 7:47 am

badmotor wrote: I have also had my mint assistant disappear - tried 'reload plugins' and it still didn't come back.

Any ideas?


Have you tried getting to it from the standard gnome menu? You open it by doing alt + f1.

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby clem on Thu Jun 12, 2008 10:15 am

- The new ISO images are available on Heanet.ie and should propagate to other mirrors today and tomorrow.
- The torrents now point at the new ISOs.
- On-Disk is in the process of replacing their ISOs and they will be contacting the people who bought CDs of Elyssa so far.

Clem.

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby marty510 on Thu Jun 12, 2008 1:27 pm

Tried what has been mentioned................I did update, but no mint assistant on my list?

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby Zero Prime on Thu Jun 12, 2008 2:17 pm

You have to refresh the update manager for the newest update to show.

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby badmotor on Thu Jun 12, 2008 3:16 pm

Sakonim wrote:
badmotor wrote: I have also had my mint assistant disappear - tried 'reload plugins' and it still didn't come back.

Any ideas?


Have you tried getting to it from the standard gnome menu? You open it by doing alt + f1.


I have tried the std. Gnome menu and it is not there. The instructions here were not quite clear about what to do, so like others I had removed 2.4 first. Now if I look in package manager, it does say I have 2.5, but it is nowhere to be found in the menus (yes, I have refreshed plugins).

I did see some sort of 'Gnome integration' file that was removed with 2.4, and it hasn't reappeared in the synaptic list - so maybe that is what is causing the problem. If it doesn't show in the list, how do I get it back ?? :|

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby clem on Thu Jun 12, 2008 4:41 pm

Hi,

If you removed mintassistant, mintassistant-gnome must have been removed as well (it depends on it). mintassistant-gnome is the package which contains the menu item and the command line launcher.

Clem