[wiki] Third party untrusted code instructions


[wiki] Third party untrusted code instructions

Robie Basak-4
Hi,

I just came across
https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessPrepareInstall
via
https://community.ubuntu.com/t/can-we-get-real-full-disk-encryption/8802

I'm concerned that this page instructs users to download and run a
script from Dropbox. It looks well intended, but I think it presents a
number of problems:

1) The code hasn't been vetted by a developer trusted by the Ubuntu
project, unlike all code shipped by Ubuntu itself.

2) Has anybody at all vetted that the code is safe for users to run?

3) A compromise of the unknown Dropbox user's account could lead to
a compromise of any user's system who follows these instructions after
that compromise.

4) More generally, the code could change at any time, out of control of
the Ubuntu project, without any audit trail, and immediately invalidate
any previous audit made by community members.

5) It normalises the idea that it is OK for users to download and run
arbitrary scripts from the Internet.

It is effectively a third party alternate installer. I welcome efforts
like these, but I don't think they should be presented as "instructions"
or "documentation" without making it clear that the user is relying on
the trust of an entire third party program. Arguably this is what
"Community wiki" implies, but normally I'd expect this to comprise
documentation, not entire third party programs.

I couldn't find any existing policy on the wiki documentation containing
guidance on this kind of thing. What is and isn't acceptable for the
community wiki to instruct users to do?

Thanks,

Robie
--
ubuntu-doc mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-doc
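
Points 3 and 4 in the message above come down to the linked script being able to change after someone has read it. As an added illustration that is not part of the original thread or of the wiki's scripts, the shell functions below pin a set of scripts to SHA-256 digests recorded at review time and refuse to run any of them once a file differs; the function names, file names and sample contents are hypothetical, and GNU coreutils `sha256sum` is assumed.

```shell
#!/bin/sh
# Added example. Assumes GNU coreutils sha256sum; all names below are hypothetical.

# verify_pinned DIR MANIFEST (absolute path): succeed only if every file
# listed in MANIFEST is present in DIR with the digest recorded at review time.
verify_pinned() {
    dir=$1; manifest=$2
    ( cd "$dir" && sha256sum -c "$manifest" ) >/dev/null 2>&1
}

# run_if_audited DIR MANIFEST SCRIPT [ARGS...]: run SCRIPT only if it is
# listed in MANIFEST and the whole reviewed set is unchanged.
run_if_audited() {
    dir=$1; manifest=$2; script=$3
    shift 3
    # A script that was never reviewed has no manifest line; refuse it outright.
    if ! awk -v f="$script" '$2 == f { ok = 1 } END { exit !ok }' "$manifest"; then
        echo "refusing $script: not in the audited manifest" >&2
        return 1
    fi
    # Check every listed file, because the main script pulls in the helpers.
    if ! verify_pinned "$dir" "$manifest"; then
        echo "refusing $script: a file differs from the audited version" >&2
        return 1
    fi
    sh "$dir/$script" "$@"
}

# Constructed demonstration: three sample scripts are "audited", then one helper
# changes afterwards, as a file on a third-party share could.
demo() {
    work=$(mktemp -d) || return 1
    printf 'echo "main step"\n' > "$work/main.sh"
    printf 'echo "helper one"\n' > "$work/helper1.sh"
    printf 'echo "helper two"\n' > "$work/helper2.sh"
    ( cd "$work" && sha256sum main.sh helper1.sh helper2.sh ) > "$work.sha256"
    if run_if_audited "$work" "$work.sha256" main.sh >/dev/null; then before=ran; else before=refused; fi
    printf 'echo "unreviewed change"\n' >> "$work/helper2.sh"
    if run_if_audited "$work" "$work.sha256" main.sh 2>/dev/null; then after=ran; else after=refused; fi
    rm -rf "$work" "$work.sha256"
    echo "before=$before after=$after"
}
demo
```

The manifest only helps if it is published somewhere with its own change history, separate from the place the scripts are downloaded from.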

Re: [wiki] Third party untrusted code instructions

Paddy Landau
Thank you for this, Robie.

Other people have voiced the same concerns.

I am not a developer; when I put together, tested and documented the
system, I was simply putting together pieces created by others.

Someone volunteered to put the three scripts onto GIT, but unfortunately it
has not as yet happened.

If you, or anyone else reading this, would be willing to volunteer to put
the scripts into GIT, I would be thrilled.

To answer your other question, as this isn't officially supported by
Canonical (although I wish that Canonical would take charge and implement
proper encryption), no one outside a couple of users has vetted the
scripts. You can see some discussion on the main thread
<https://ubuntuforums.org/showthread.php?t=2399092>. I always welcome any
assistance.

Regards

Paddy

On Tue, 20 Nov 2018 at 15:32, Robie Basak <[hidden email]> wrote:

> Hi,
>
> I just came across
>
> https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessPrepareInstall
> via
> https://community.ubuntu.com/t/can-we-get-real-full-disk-encryption/8802
>
> I'm concerned that this page instructs users to download and run a
> script from Dropbox. It looks well intended, but I think it presents a
> number of problems:
>
> 1) The code hasn't been vetted by a developer trusted by the Ubuntu
> project, unlike all code shipped by Ubuntu itself.
>
> 2) Has anybody at all vetted that the code is safe for users to run?
>
> 3) A compromise of the unknown Dropbox user's account could lead to
> a compromise of any user's system who follows these instructions after
> that compromise.
>
> 4) More generally, the code could change at any time, out of control of
> the Ubuntu project, without any audit trail, and immediately invalidate
> any previous audit made by community members.
>
> 5) It normalises the idea that it is OK for users to download and run
> arbitrary scripts from the Internet.
>
> It is effectively a third party alternate installer. I welcome efforts
> like these, but I don't think they should be presented as "instructions"
> or "documentation" without making it clear that the user is relying on
> the trust of an entire third party program. Arguably this is what
> "Community wiki" implies, but normally I'd expect this to comprise
> documentation, not entire third party programs.
>
> I couldn't find any existing policy on the wiki documentation containing
> guidance on this kind of thing. What is and isn't acceptable for the
> community wiki to instruct users to do?
>
> Thanks,
>
> Robie
>

RE: [wiki] Third party untrusted code instructions

Doug Smythies
In reply to this post by Robie Basak-4
On 2018.11.20 07:30 Robie Basak wrote:

> Hi,

Hi,

> I just came across
> https://help.ubuntu.com/community/ManualFullSystemEncryption/DetailedProcessPrepareInstall
> via
> https://community.ubuntu.com/t/can-we-get-real-full-disk-encryption/8802

For some reason your link is a sub-page from the main one:

https://help.ubuntu.com/community/ManualFullSystemEncryption

that contains a disclaimer:

> I'm concerned that this page instructs users to download and run a
> script from Dropbox. It looks well intended, but I think it presents a
> number of problems:

Note that the script itself downloads two others from dropbox.

It also is a moved permanently link, which is a concern right from the start.

> 1) The code hasn't been vetted by a developer trusted by the Ubuntu
> project, unlike all code shipped by Ubuntu itself.
>
> 2) Has anybody at all vetted that the code is safe for users to run?

Well the script is well written and easy enough to read.
That being said, I can not vouch for it.

> 3) A compromise of the unknown Dropbox user's account could lead to
> a compromise of any user's system who follows these instructions after
> that compromise.
>
> 4) More generally, the code could change at any time, out of control of
> the Ubuntu project, without any audit trail, and immediately invalidate
> any previous audit made by community members.

Agreed.

> 5) It normalises the idea that it is OK for users to download and run
> arbitrary scripts from the Internet.

Agreed.

> It is effectively a third party alternate installer. I welcome efforts
> like these, but I don't think they should be presented as "instructions"
> or "documentation" without making it clear that the user is relying on
> the trust of an entire third party program.

Would expanding the current disclaimer a bit and putting it on every
page, not just the main parent page be adequate?

> Arguably this is what
> "Community wiki" implies, but normally I'd expect this to comprise
> documentation, not entire third party programs.
>
> I couldn't find any existing policy on the wiki documentation containing
> guidance on this kind of thing. What is and isn't acceptable for the
> community wiki to instruct users to do?

I'm not sure what to say here. There was obviously a lot of work put
into this, I assume by Paddy. Your points and concerns are valid.
Myself I have very little to do with the wiki stuff.

... Doug




Re: [wiki] Third party untrusted code instructions

Robie Basak-4
Hi Paddy and Doug,

On Tue, Nov 20, 2018 at 04:02:05PM +0000, Paddy Landau wrote:
> Someone volunteered to put the three scripts onto GIT, but unfortunately it
> has not as yet happened.
>
> If you, or anyone else reading this, would be willing to volunteer to put
> the scripts into GIT, I would be thrilled.

FWIW, any Launchpad user or team can store git repositories. Under
https://code.launchpad.net/~ubuntu-wiki-editors, for example.

> > It is effectively a third party alternate installer. I welcome efforts
> > like these, but I don't think they should be presented as "instructions"
> > or "documentation" without making it clear that the user is relying on
> > the trust of an entire third party program.
>
> Would expanding the current disclaimer a bit and putting it on every
> page, not just the main parent page be adequate?

I think the disclaimer as-is explains that the responsible party is the
community wiki maintainers (and not Ubuntu official) adequately. But I
think that the link as it is right now shifts the responsibility out of
the domain of Ubuntu by relying on a third party account whose ownership
isn't clear.

How about a general policy that any links of this nature are always to a
git repository owned and managed by ~ubuntu-wiki-editors? Then control,
audit and responsibility would remain solely within the team that
already is in charge of the wiki, but hopefully it won't block this type
of useful work.

Then to start with the scripts can be pushed to git under
~ubuntu-wiki-editors as-is, and the links updated accordingly. Hopefully
that's a way forward.

This would address most of my concerns. I still don't like the idea that
the documentation is directing users to run this code, but perhaps that
can be left for another time. (I suppose what bugs me about this over
documentation pointing to third party sources is that
~ubuntu-wiki-editors is left as the maintainer of code for which the
team generally has no expertise).

Robie

Re: [wiki] Third party untrusted code instructions

Paddy Landau-2
On Wed, 21 Nov 2018 at 00:30, Robie Basak <[hidden email]> wrote:

>
> FWIW, any Launchpad user or team can store git repositories. Under
> https://code.launchpad.net/~ubuntu-wiki-editors, for example.
>

I might have to take this in hand, when (if) I get some time (unless some
kind soul takes it on for me).

Can you recommend a specific place in which to put the code, please?

 Paddy

Re: [wiki] Third party untrusted code instructions

Robie Basak-4
On Wed, Nov 21, 2018 at 09:51:00AM +0000, Paddy Landau wrote:
> Can you recommend a specific place in which to put the code, please?

From https://help.launchpad.net/Code/Git#Repository_URLs, you could do
something like:

mkdir scripts
cd scripts
git init
mkdir ManualFullSystemEncryption
# put your scripts into ManualFullSystemEncryption/
git add ManualFullSystemEncryption
git commit -m'Initial import'
git remote add origin https://code.launchpad.net/~ubuntu-wiki-editors/+git/scripts
git push origin master

Now you should find the repository at
https://code.launchpad.net/~ubuntu-wiki-editors and be able to deep link to the
scripts themselves from the wiki.

HTH!

Robie

Re: [wiki] Third party untrusted code instructions

Paddy Landau-2
>
> From https://help.launchpad.net/Code/Git#Repository_URLs, you could do
> something like:
>
> mkdir scripts
> cd scripts
> git init
> mkdir ManualFullSystemEncryption
> # put your scripts into ManualFullSystemEncryption/
> git add ManualFullSystemEncryption
> git commit -m'Initial import'
> git remote add origin https://code.launchpad.net/~ubuntu-wiki-editors/+git/scripts
> git push origin master
>

Unfortunately, I got stuck on the very first command

git add ManualFullSystemEncryption

with the error:

fatal: Not a git repository (or any parent up to mount point /home/paddy)
Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).

I don't, unfortunately, have time to learn GIT. If there is a "dummy's
guide" (I'm a dummy in these matters), could you point me to it, please?

Thanks :)

Paddy

Re: [wiki] Third party untrusted code instructions

Guntbert Reiter
Paddy it looks like you missed the 'git init' command.
Kind regards, Guntbert

On 21 November 2018 at 15:03:51, Paddy Landau <[hidden email]> wrote:

>>
>> From https://help.launchpad.net/Code/Git#Repository_URLs, you could do
>> something like:
>>
>> mkdir scripts
>> cd scripts
>> git init
>> mkdir ManualFullSystemEncryption
>> # put your scripts into ManualFullSystemEncryption/
>> git add ManualFullSystemEncryption
>> git commit -m'Initial import'
>> git remote add origin https://code.launchpad.net/~ubuntu-wiki-editors/+git/scripts
>> git push origin master
>>
>
> Unfortunately, I got stuck on the very first command
>
> git add ManualFullSystemEncryption
>
> with the error:
>
> fatal: Not a git repository (or any parent up to mount point /home/paddy)
> Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).
>
> I don't, unfortunately, have time to learn GIT. If there is a "dummy's
> guide" (I'm a dummy in these matters), could you point me to it, please?
>
> Thanks :)
>
> Paddy
> --
> ubuntu-doc mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-doc





Re: [wiki] Third party untrusted code instructions

C de-Avillez-2
In reply to this post by Paddy Landau-2
On Wed, Nov 21, 2018 at 8:04 AM Paddy Landau <[hidden email]> wrote:
> Unfortunately, I got stuck on the very first command
>
> git add ManualFullSystemEncryption
>
> with the error:
>
> fatal: Not a git repository (or any parent up to mount point /home/paddy)
> Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).

It seems like you missed the first three commands --

mkdir scripts; cd scripts; git init

Specifically, missing "git init" (or issuing it somewhere else), would
give you the error (not a git repo).

Cheers,

..C..
--
..hggdh..


Re: [wiki] Third party untrusted code instructions

Paddy Landau-2
In reply to this post by Guntbert Reiter
>
> Paddy it looks like you missed the 'git init' command.


See, I told you that I wasn't good at this!

I've managed to get as far as "git push origin master". At this point, I
get the error:
fatal: repository 'https://code.launchpad.net/~ubuntu-wiki-editors/+git/scripts/' not found

I tried some variations, but all gave errors.

Sorry that I'm so ignorant in this field.

   - What must I do now to complete it?

I am adding just two of the three scripts, because I'll have to amend the
third one once the scripts are in GIT.
So…

   - What commands do I need in order to add the third script once I've
   amended it?

Thank you

Paddy