Policies
|
Size: 2052
Comment:
|
Size: 2146
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 15: | Line 15: |
| * Do not provide a workaround to run them anyway automatically - i. e., never juxtapose <long explanatory text> with <easy button that bypasses the text> | * Do not provide a workaround to run them anyway automatically - i. e., never juxtapose <long explanatory text> with <easy button that bypasses the text> * Files downloaded from a web browser, mail client, etc. should never be saved as executable |
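Review bot: the added bullet says downloaded files "should never be saved as executable", while the first principle on this page is worded with "must not". If the new item is meant to be equally binding, word it as "must never be saved as executable"; if it is only a recommendation, it belongs under Goals next to the extended-attributes item rather than under Principles.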
No Open Ports
Default installations of Ubuntu must have no listening network services after initial install. Exceptions to this rule include network infrastructure services such as DHCP and Avahi. When installing Ubuntu Server, the administrator can, of course, select specific services to install beyond the defaults (e.g. Apache).
Executable code does not run without execute bit
The Ubuntu desktop currently handles downloaded content that has to be executed to be useful inconsistently. Some content is executed automatically, some is not handled at all. Security and ease of use need to be balanced, and a consistent policy needs to be developed that can guide the development of MIME handlers in Ubuntu.
Principles
- Applications, including desktops and shells, must not run executable code from files which do not have the executable bit.
- For example, the GNOME or KDE MIME type handler must not circumvent this principle.
- This includes *.desktop files.
- Do not provide a workaround to run them anyway automatically, i.e., never juxtapose <long explanatory text> with <easy button that bypasses the text>.
- Files downloaded from a web browser, mail client, etc. should never be saved as executable.
Goals
- Programs that download executables from the internet should mark them with extended attributes recording where they came from, when they were downloaded, and which user downloaded them, and should not mark them +x.
- The error message when trying to open an executable file should:
  - explain why this may be a dangerous file
  - tell you how to change its permissions
  - not give you the option of launching it anyway
  - maybe give you the option of looking for trusted software instead
- CDROMs: CDs without Rock Ridge extensions have all files marked executable, so the execute-bit check does not block files on them (the same applies to USB sticks).
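A sketch of the download-side goal and the launcher-side principle above, added here as an illustration and not taken from Ubuntu or any of its applications. The function names are hypothetical; `user.xdg.origin.url` is the freedesktop.org attribute name for a download's origin, and the two `user.example.*` attribute names are made up for this example.

```python
import os
import stat
import time

EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH

def save_download(path, data, origin_url):
    """Save downloaded bytes with no execute bit and tag their origin.

    Returns True if the extended attributes were stored, False if the
    filesystem or platform does not support user.* attributes.
    """
    # O_EXCL refuses to overwrite; mode 0o600 carries no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    tags = {
        "user.xdg.origin.url": origin_url,
        # Hypothetical attribute names for "when" and "what user".
        "user.example.download.time": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
        "user.example.download.uid": str(os.getuid()),
    }
    try:
        for name, value in tags.items():
            os.setxattr(path, name, value.encode())
    except (OSError, AttributeError):
        return False
    return True

def may_launch(path):
    """Launcher-side check: only regular files with an execute bit may run."""
    mode = os.stat(path).st_mode
    return stat.S_ISREG(mode) and bool(mode & EXEC_BITS)

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "installer.run")
        # Constructed sample payload and URL.
        tagged = save_download(p, b"#!/bin/sh\necho hi\n", "https://example.com/installer.run")
        print("tagged:", tagged, "launchable:", may_launch(p))
        os.chmod(p, 0o700)  # the user's explicit decision to trust the file
        print("after chmod u+x:", may_launch(p))
```

The check reads the mode bits directly instead of calling `os.access`, so the answer does not depend on which user runs the launcher.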
SecurityTeam/Policies (last edited 2021-02-01 00:43:57 by alexmurray)