Important Security Notice - mintAssistant 2.4 in Elyssa!

Releases and other announcements.
Please don't post support questions here
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics. Do not add support questions to threads here, use the appropriate support forum instead.
red-e-made
Level 5
Level 5
Posts: 526
Joined: Sat Jul 14, 2007 11:31 am

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by red-e-made »

Lantesh wrote:Clem,

I just wanted to let you know that mintUpdate still does not always show updates unless I open it, wait for it to do it's check, and then hit refresh again. After doing this mintAssistant 2.5 did indeed show up. In general I do still have to do this each time to see what updates are available.

Might I request that after you have posted the new .iso file for Mint 5 that you announce it in this thread as a follow up? Once it's ready I would like to download it again so my CD is up to date without this security flaw.

By the way I'm impressed that you found this and have a fix so quickly, considering it's only been a few days since launch. Thank you so much.
Seconded. I also have to manually refresh mintUpdate in order to see these updates, including the one for mintAssistant.

I'd also like to ask a stupid question, if I may - since I updated mintAssistant from 2.4 to 2.5, do I really need to download the new ISO and do a fresh install?
badmotor

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by badmotor »

clem wrote:Hi,

If you removed mintassistant, mintassistant-gnome must have been removed as well (it depends on it). mintassistant-gnome is the package which contains the menu item and the command line launcher.

Clem
That's my question: I can't find mintassistant-gnome in the package manager anymore to reinstall it.
kanishka
Level 5
Level 5
Posts: 718
Joined: Sat Feb 10, 2007 5:59 am

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by kanishka »

red-e-made wrote:Seconded. I also have to manually refresh mintUpdate in order to see these updates, including the one for mintAssistant.
That's strange: it used to be the same for me but... I just came home and I had a new update (openssl blacklist) waiting for me in mintUpdate, without the need to refresh it. Boh? :?:
red-e-made
Level 5
Level 5
Posts: 526
Joined: Sat Jul 14, 2007 11:31 am

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by red-e-made »

kanishka wrote:
red-e-made wrote:Seconded. I also have to manually refresh mintUpdate in order to see these updates, including the one for mintAssistant.
That's strange: it used to be the same for me but... I just came home and I had a new update (openssl blacklist) waiting for me in mintUpdate, without the need to refresh it. Boh? :?:
Honestly, refreshing MintUpdate isn't really an issue for me. Sometimes I get them without having to refresh, other times, I need to refresh. Not a big deal for me, really.

But I do want to know if I need to do a fresh install, despite having updated from mintAssistant 2.4 to 2.5.
NBSVieiraPT

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by NBSVieiraPT »

For those who can't update it from MintUpdate there is a simple workaround even a noob like me figured out. Synaptic. Find the mintassistant and mark to upgrade. Oh so simple and all is set now 8)
cathbard

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by cathbard »

You can launch it from the command line in a terminal with the command: sudo mintAssistant
If that fails because it has indeed been removed, install it with: sudo apt install mintassistant
You should of course run sudo apt update before doing the install to make sure your apt database is synced with the repo. This is true anytime one is installing from the command line.

The command line is your friend :wink:
Some_Guy

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by Some_Guy »

Ok, I am having trouble understanding something. In order to run mint assistant you need sudo privleges right? So wouldn't any user be able to set a root password by using sudo and running mint assistant? They could uninstall and reinstall mint assistant with sudo privleges and then run assistant also, wouldn't that put you back at square one someone having the ability to set root on your computer?
badmotor

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by badmotor »

cathbard wrote:You can launch it from the command line in a terminal with the command: sudo mintAssistant
If that fails because it has indeed been removed, install it with: sudo apt install mintassistant
You should of course run sudo apt update before doing the install to make sure your apt database is synced with the repo. This is true anytime one is installing from the command line.

The command line is your friend :wink:
todd@todd-desktop:~$ sudo mintAssistant
sudo: mintAssistant: command not found
todd@todd-desktop:~$

edit: nevermind, I think sudo apt update bought mintassistant-gnome back, and now all is good. Hurrah!
cathbard

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by cathbard »

Some_Guy: If a user has sudo access they can change the root passwd with or without mintassistant on any linux system that has sudo installed. All any sudo enabled user needs to do to set the root password is type "sudo passwd". Having sudo authority gives you the same rights as the root user when you use it. Sudo priveledges are only given to users that you would also trust to have the root password. Sudo authority does have some configurable options but the way it's setup normally it's essentially the same thing.
User avatar
clem
Level 12
Level 12
Posts: 4303
Joined: Wed Nov 15, 2006 8:34 am
Contact:

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by clem »

Code: Select all

apt update; apt install mintassistant mintassistant-gnome
Then run from the menu, or type "sudo mintAssistant user /home/user" where "user" is your username.

Clem
Image
billy

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by billy »

This might sound a bit naive, so please excuse me for not understanding things properly. When Mint Assistant launches it walks through various steps, including whether or not to enable Root password. It is not recommended to enable the password in Mint Assistant. So, should the Root password be enabled or not? I am a new convert to Linux in general and LinuxMint in particular. Having tried out a few distros, Mint seems to me to be about the best, very easy to use and intuative. As yet I hav`nt used the terminal much properly yet, but I am starting to work it out slowly, with a bit of written help.
Sorry to go on a bit, keep up the excellent work guys.
red-e-made
Level 5
Level 5
Posts: 526
Joined: Sat Jul 14, 2007 11:31 am

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by red-e-made »

billy wrote:This might sound a bit naive, so please excuse me for not understanding things properly. When Mint Assistant launches it walks through various steps, including whether or not to enable Root password. It is not recommended to enable the password in Mint Assistant. So, should the Root password be enabled or not? I am a new convert to Linux in general and LinuxMint in particular. Having tried out a few distros, Mint seems to me to be about the best, very easy to use and intuative. As yet I hav`nt used the terminal much properly yet, but I am starting to work it out slowly, with a bit of written help.
Sorry to go on a bit, keep up the excellent work guys.
Welcome, billy.

There are two schools of thought on this: On the one hand, there are folks who are 100% sure that they know exactly what they are doing 100% of the time, and so they enable a root account. Then there's the rest of us.

I'd recommend not enabling a root password. Commands and actions that require those priveleges can be done in the Terminal, where you give your password. In my opinion it's better to type in your password with each administrative action then to be logged in as root and accidentally do something you can't reverse, and require a fresh install. Erring on the side of caution, in other words. That's just my opinion on the matter.
billy

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by billy »

Thanks for that.
I thought that was the case, just making sure that I was`nt a right wally.

Is`nt Mint nice, no very nice.
Rob Brill

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by Rob Brill »

Hi All,

I downloaded a new iso - R1 and reinstalled Linux 5 Mint Gnome Main Edition.
Updates:
104 + 1 (openssl blacklist) + 1 deskbar-apllet - = 102 updates done

mintUpdate is not working as it might work. I can't get updates notifications so,
i open it - supply password - no updates come - i press refresh e then it works good.
No matter for me to check updates everyday without any notifications. The most important
thing i could say it is: mintUpdate works anyways. That's counts good to me.

Cheers
Roberto
cathbard

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by cathbard »

Billy: A little more info. Logging into x as root is never really a good idea and many distros that do use a root user for admin tasks disable root login in gdm/kdm. Logging into a text session as root or getting root from inside a user's session is a completely different story. Getting root with su instead of using sudo makes life easier on multi-user systems where the user that is logged in isn't trusted with sudo access and has been disabled in the sudoers file. There is a way around that but it is a bit convoluted. On a ubuntuesque system like mint where launching an admin function from within x asks for a sudo password anyway, the root user is even less useful. This is one reason that so many hardcore old-school linux users prefer the old fashioned root user to do all admin tasks instead of the sudo system; as an administrator you can walk up to a user's machine and gain the power of god easily using your root password and the poor user can't do any admin tasks without you. (And we all know how some sys admins thrive on their delusions of grandeur in the office don't we? :wink: )
There are other minor reasons but I won't go into that. Let's just say that on a single user system or when all users have sudo authority, having a root user has very few advantages. Linux is styled after Unix which was designed for multiuser environments where users don't get root access. A home pc is different kettle of fish.
In most cases if you want to do a lot of admin tasks consecutively, issuing something like "sudo -s" is adequate. That effectively gets you a root terminal for the duration of your tasks and you can effectively launch apps as root to your heart's content. And if the user won't give you his password tell him to fix it himself and go have a beer. :lol:
Speaking personally as an old school debian user, using sudo instead of su'ing to root has taken me a bit of getting used to and the option to use su instead is a welcome feature of mint. I think giving the option to have a root user for old farts like me is great. I'd like it to go further and give me an install option to get rid of sudo altogether and have all admin functions done by the root user but I think that would be asking way way too much and would cause far too much confusion for everybody. How mint does it is a good compromise imo.
billy

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by billy »

Cathbard,
Thanks for the reply, I thought that was the case, being quite new to this is a little bit different from M$. I am starting to get the hang of Linux, but it`s a bit of a slow learning curve.

But I am glad that I have decided to take the plunge and learn all sorts of different exiting things. I must say that LinuxMint seems to be about the best of the distros I`ve tried, many thanks to all those that produce it.

Thanks again.
User avatar
bigbearomaha
Level 3
Level 3
Posts: 178
Joined: Tue Feb 06, 2007 11:34 am
Location: Omaha, NE

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by bigbearomaha »

Actually, there are many applications and servers that require root access, some of these can be accommodated by sudo, not always though.

Also, there seems o be quite a bit of FUD regarding use of the root login. One poster here pretty much relegated it's use to elitism and arrogance. I'm sorry you should have to see such tripe as a new to Linux user.

As usual, there are "areas" in which each method has it's strengths. sudo is great in situations where a quick jot on the c/l is needed. Not much has to be done. quick in and out.

If one is going to be doing more extensive work that will require multiple, frequent and repeated actions which require root access, it is much more time and resource efficient to log in as root to get the work done.

Depending on the environment and circumstances will determine the need and frequency of using root access.

In most home desktop experiences currently, due to the great work put out by people like Clem and Texand others, the need for the "average" user to have to resort to 'root' or even 'sudo' is minimal at most.

One must remember that no matter what path one takes, be it root login or use of sudo, when in a situation where one has access to root privileges you should ALWAYS be extremely careful.

Big Bear
Bee the best you can bee.
Husse

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by Husse »

@ red-e-made
Of course you don't have to download the new iso once you've updated mintAssistant
And for those that chose to have a root password this was never a problem
Husse

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by Husse »

Yes
and there is always

Code: Select all

sudo passwd root
arun

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Post by arun »

sir .i want to know how to use aptoncd?.
2)please give how to upgrage my my mint os(aplications)without inter net connection
Post Reply

Return to “Releases & Announcements”