Important Security Notice - mintAssistant 2.4 in Elyssa!

Releases and other announcements.
Please don't post support questions here
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics.

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby bigbearomaha on Thu Jun 12, 2008 5:42 pm

If when using Mint assistant and one chooses to not use the root password, it then generates a random password

1) doesn't that defeat the purpose of saying you don't want to enable the root acct to begin with and

2) if it is given a random generated password, how does one access it at a later time should the need arise? I assume the option of logging in as a "single user mode" is still viable in order to change that.

Big Bear
Saving the world, one bee at a time
http://bbe-tech.com/
User avatar
bigbearomaha
Level 3
Level 3
 
Posts: 170
Joined: Tue Feb 06, 2007 11:34 am
Location: Omaha, NE

Linux Mint is funded by ads and donations.
 

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby red-e-made on Thu Jun 12, 2008 6:01 pm

Lantesh wrote:Clem,

I just wanted to let you know that mintUpdate still does not always show updates unless I open it, wait for it to do it's check, and then hit refresh again. After doing this mintAssistant 2.5 did indeed show up. In general I do still have to do this each time to see what updates are available.

Might I request that after you have posted the new .iso file for Mint 5 that you announce it in this thread as a follow up? Once it's ready I would like to download it again so my CD is up to date without this security flaw.

By the way I'm impressed that you found this and have a fix so quickly, considering it's only been a few days since launch. Thank you so much.


Seconded. I also have to manually refresh mintUpdate in order to see these updates, including the one for mintAssistant.

I'd also like to ask a stupid question, if I may - since I updated mintAssistant from 2.4 to 2.5, do I really need to download the new ISO and do a fresh install?
User avatar
red-e-made
Level 5
Level 5
 
Posts: 525
Joined: Sat Jul 14, 2007 11:31 am

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby badmotor on Thu Jun 12, 2008 6:05 pm

clem wrote:Hi,

If you removed mintassistant, mintassistant-gnome must have been removed as well (it depends on it). mintassistant-gnome is the package which contains the menu item and the command line launcher.

Clem


That's my question: I can't find mintassistant-gnome in the package manager anymore to reinstall it.
badmotor
Level 4
Level 4
 
Posts: 371
Joined: Fri May 02, 2008 7:40 pm
Location: New Zealand.

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby kanishka on Thu Jun 12, 2008 6:36 pm

red-e-made wrote:Seconded. I also have to manually refresh mintUpdate in order to see these updates, including the one for mintAssistant.

That's strange: it used to be the same for me but... I just came home and I had a new update (openssl blacklist) waiting for me in mintUpdate, without the need to refresh it. Boh? :?:
kanishka
Level 5
Level 5
 
Posts: 726
Joined: Sat Feb 10, 2007 5:59 am

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby red-e-made on Thu Jun 12, 2008 6:41 pm

kanishka wrote:
red-e-made wrote:Seconded. I also have to manually refresh mintUpdate in order to see these updates, including the one for mintAssistant.

That's strange: it used to be the same for me but... I just came home and I had a new update (openssl blacklist) waiting for me in mintUpdate, without the need to refresh it. Boh? :?:


Honestly, refreshing MintUpdate isn't really an issue for me. Sometimes I get them without having to refresh, other times, I need to refresh. Not a big deal for me, really.

But I do want to know if I need to do a fresh install, despite having updated from mintAssistant 2.4 to 2.5.
User avatar
red-e-made
Level 5
Level 5
 
Posts: 525
Joined: Sat Jul 14, 2007 11:31 am

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby NBSVieiraPT on Thu Jun 12, 2008 11:47 pm

For those who can't update it from MintUpdate there is a simple workaround even a noob like me figured out. Synaptic. Find the mintassistant and mark to upgrade. Oh so simple and all is set now 8)
NBSVieiraPT
 

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby cathbard on Fri Jun 13, 2008 12:08 am

You can launch it from the command line in a terminal with the command: sudo mintAssistant
If that fails because it has indeed been removed, install it with: sudo apt install mintassistant
You should of course run sudo apt update before doing the install to make sure your apt database is synced with the repo. This is true anytime one is installing from the command line.

The command line is your friend :wink:
Image
"A bachelor is a selfish, undeserving guy who has cheated some woman out of a divorce." - Don Quinn
User avatar
cathbard
Level 3
Level 3
 
Posts: 148
Joined: Thu Apr 17, 2008 11:50 am
Location: Australia

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby Some_Guy on Fri Jun 13, 2008 1:08 am

Ok, I am having trouble understanding something. In order to run mint assistant you need sudo privleges right? So wouldn't any user be able to set a root password by using sudo and running mint assistant? They could uninstall and reinstall mint assistant with sudo privleges and then run assistant also, wouldn't that put you back at square one someone having the ability to set root on your computer?
Some_Guy
 

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby badmotor on Fri Jun 13, 2008 2:51 am

cathbard wrote:You can launch it from the command line in a terminal with the command: sudo mintAssistant
If that fails because it has indeed been removed, install it with: sudo apt install mintassistant
You should of course run sudo apt update before doing the install to make sure your apt database is synced with the repo. This is true anytime one is installing from the command line.

The command line is your friend :wink:


todd@todd-desktop:~$ sudo mintAssistant
sudo: mintAssistant: command not found
todd@todd-desktop:~$

edit: nevermind, I think sudo apt update bought mintassistant-gnome back, and now all is good. Hurrah!
badmotor
Level 4
Level 4
 
Posts: 371
Joined: Fri May 02, 2008 7:40 pm
Location: New Zealand.

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby cathbard on Fri Jun 13, 2008 4:32 am

Some_Guy: If a user has sudo access they can change the root passwd with or without mintassistant on any linux system that has sudo installed. All any sudo enabled user needs to do to set the root password is type "sudo passwd". Having sudo authority gives you the same rights as the root user when you use it. Sudo priveledges are only given to users that you would also trust to have the root password. Sudo authority does have some configurable options but the way it's setup normally it's essentially the same thing.
Image
"A bachelor is a selfish, undeserving guy who has cheated some woman out of a divorce." - Don Quinn
User avatar
cathbard
Level 3
Level 3
 
Posts: 148
Joined: Thu Apr 17, 2008 11:50 am
Location: Australia

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby clem on Fri Jun 13, 2008 8:53 am

Code: Select all
apt update; apt install mintassistant mintassistant-gnome


Then run from the menu, or type "sudo mintAssistant user /home/user" where "user" is your username.

Clem
Image
User avatar
clem
Level 15
Level 15
 
Posts: 5580
Joined: Wed Nov 15, 2006 8:34 am

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby billy on Fri Jun 13, 2008 2:30 pm

This might sound a bit naive, so please excuse me for not understanding things properly. When Mint Assistant launches it walks through various steps, including whether or not to enable Root password. It is not recommended to enable the password in Mint Assistant. So, should the Root password be enabled or not? I am a new convert to Linux in general and LinuxMint in particular. Having tried out a few distros, Mint seems to me to be about the best, very easy to use and intuative. As yet I hav`nt used the terminal much properly yet, but I am starting to work it out slowly, with a bit of written help.
Sorry to go on a bit, keep up the excellent work guys.
billy
 

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby red-e-made on Fri Jun 13, 2008 2:52 pm

billy wrote:This might sound a bit naive, so please excuse me for not understanding things properly. When Mint Assistant launches it walks through various steps, including whether or not to enable Root password. It is not recommended to enable the password in Mint Assistant. So, should the Root password be enabled or not? I am a new convert to Linux in general and LinuxMint in particular. Having tried out a few distros, Mint seems to me to be about the best, very easy to use and intuative. As yet I hav`nt used the terminal much properly yet, but I am starting to work it out slowly, with a bit of written help.
Sorry to go on a bit, keep up the excellent work guys.


Welcome, billy.

There are two schools of thought on this: On the one hand, there are folks who are 100% sure that they know exactly what they are doing 100% of the time, and so they enable a root account. Then there's the rest of us.

I'd recommend not enabling a root password. Commands and actions that require those priveleges can be done in the Terminal, where you give your password. In my opinion it's better to type in your password with each administrative action then to be logged in as root and accidentally do something you can't reverse, and require a fresh install. Erring on the side of caution, in other words. That's just my opinion on the matter.
User avatar
red-e-made
Level 5
Level 5
 
Posts: 525
Joined: Sat Jul 14, 2007 11:31 am

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby billy on Fri Jun 13, 2008 3:44 pm

Thanks for that.
I thought that was the case, just making sure that I was`nt a right wally.

Is`nt Mint nice, no very nice.
billy
 

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby Rob Brill on Sat Jun 14, 2008 1:04 am

Hi All,

I downloaded a new iso - R1 and reinstalled Linux 5 Mint Gnome Main Edition.
Updates:
104 + 1 (openssl blacklist) + 1 deskbar-apllet - = 102 updates done

mintUpdate is not working as it might work. I can't get updates notifications so,
i open it - supply password - no updates come - i press refresh e then it works good.
No matter for me to check updates everyday without any notifications. The most important
thing i could say it is: mintUpdate works anyways. That's counts good to me.

Cheers
Roberto
User avatar
Rob Brill
Level 4
Level 4
 
Posts: 391
Joined: Tue Feb 05, 2008 1:49 pm
Location: Global

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby cathbard on Sat Jun 14, 2008 3:14 am

Billy: A little more info. Logging into x as root is never really a good idea and many distros that do use a root user for admin tasks disable root login in gdm/kdm. Logging into a text session as root or getting root from inside a user's session is a completely different story. Getting root with su instead of using sudo makes life easier on multi-user systems where the user that is logged in isn't trusted with sudo access and has been disabled in the sudoers file. There is a way around that but it is a bit convoluted. On a ubuntuesque system like mint where launching an admin function from within x asks for a sudo password anyway, the root user is even less useful. This is one reason that so many hardcore old-school linux users prefer the old fashioned root user to do all admin tasks instead of the sudo system; as an administrator you can walk up to a user's machine and gain the power of god easily using your root password and the poor user can't do any admin tasks without you. (And we all know how some sys admins thrive on their delusions of grandeur in the office don't we? :wink: )
There are other minor reasons but I won't go into that. Let's just say that on a single user system or when all users have sudo authority, having a root user has very few advantages. Linux is styled after Unix which was designed for multiuser environments where users don't get root access. A home pc is different kettle of fish.
In most cases if you want to do a lot of admin tasks consecutively, issuing something like "sudo -s" is adequate. That effectively gets you a root terminal for the duration of your tasks and you can effectively launch apps as root to your heart's content. And if the user won't give you his password tell him to fix it himself and go have a beer. :lol:
Speaking personally as an old school debian user, using sudo instead of su'ing to root has taken me a bit of getting used to and the option to use su instead is a welcome feature of mint. I think giving the option to have a root user for old farts like me is great. I'd like it to go further and give me an install option to get rid of sudo altogether and have all admin functions done by the root user but I think that would be asking way way too much and would cause far too much confusion for everybody. How mint does it is a good compromise imo.
Image
"A bachelor is a selfish, undeserving guy who has cheated some woman out of a divorce." - Don Quinn
User avatar
cathbard
Level 3
Level 3
 
Posts: 148
Joined: Thu Apr 17, 2008 11:50 am
Location: Australia

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby billy on Sat Jun 14, 2008 9:22 am

Cathbard,
Thanks for the reply, I thought that was the case, being quite new to this is a little bit different from M$. I am starting to get the hang of Linux, but it`s a bit of a slow learning curve.

But I am glad that I have decided to take the plunge and learn all sorts of different exiting things. I must say that LinuxMint seems to be about the best of the distros I`ve tried, many thanks to all those that produce it.

Thanks again.
billy
 

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby bigbearomaha on Sat Jun 14, 2008 6:54 pm

Actually, there are many applications and servers that require root access, some of these can be accommodated by sudo, not always though.

Also, there seems o be quite a bit of FUD regarding use of the root login. One poster here pretty much relegated it's use to elitism and arrogance. I'm sorry you should have to see such tripe as a new to Linux user.

As usual, there are "areas" in which each method has it's strengths. sudo is great in situations where a quick jot on the c/l is needed. Not much has to be done. quick in and out.

If one is going to be doing more extensive work that will require multiple, frequent and repeated actions which require root access, it is much more time and resource efficient to log in as root to get the work done.

Depending on the environment and circumstances will determine the need and frequency of using root access.

In most home desktop experiences currently, due to the great work put out by people like Clem and Texand others, the need for the "average" user to have to resort to 'root' or even 'sudo' is minimal at most.

One must remember that no matter what path one takes, be it root login or use of sudo, when in a situation where one has access to root privileges you should ALWAYS be extremely careful.

Big Bear
Saving the world, one bee at a time
http://bbe-tech.com/
User avatar
bigbearomaha
Level 3
Level 3
 
Posts: 170
Joined: Tue Feb 06, 2007 11:34 am
Location: Omaha, NE

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby Husse on Sun Jun 15, 2008 12:41 pm

@ red-e-made
Of course you don't have to download the new iso once you've updated mintAssistant
And for those that chose to have a root password this was never a problem
Image
Don't fix it if it ain't broken, don't break it if you can't fix it
Husse
Level 21
Level 21
 
Posts: 19703
Joined: Sun Feb 11, 2007 7:22 am
Location: Near Borås Sweden

Re: Important Security Notice - mintAssistant 2.4 in Elyssa!

Postby Eric Weir on Sun Jun 15, 2008 5:26 pm

clem wrote:- A fix has been released in mintAssistant 2.5. When you select not to use the root password, the root account is now given a randomly generated password.

Is it possible later to go back and elect setting a root password?

Thanks,
Eric Weir
Decatur, GA USA
Linux Mint 5
User avatar
Eric Weir
Level 2
Level 2
 
Posts: 93
Joined: Sat May 31, 2008 3:06 pm
Location: Decatur, GA USA

Linux Mint is funded by ads and donations.
 
PreviousNext

Return to Releases & Announcements

Who is online

Users browsing this forum: No registered users and 4 guests