Error when enabeling ufw
-
Firewall in UT
Telnina said βdonβt want to be nasty butβ is there a plan or a timeline for a firewall in UT? We have not enabled a firewall in UT because the architecture is unusual. There are no ports open in UT by default. There are also no services running by default. A firewall would add a medium amount of weight to the system and would consume battery. Provided that there is nothing open, there is nothing that needs blocking. It is one of those issues which is worth revisiting periodically and Marius will dig into it a little deeper with the Canonical engineers who initially decided to exclude it.
Florian commented that if someone was able to do something malicious with UT, to force a port to open, then a firewall could play a useful role by closing it. One thing for sure is that a firewall is very dependent on the kernel and since we are often working with old kernels, that could make any introduction of a firewall messy.
In a follow up, it was asked if it could have a role in blocking certain outbound traffic? Well the issue there is one of complexity. For the average user controlling functions like that would need a graphical interface and how would they make sense of the settings? That difficulty really suggests the option of an app installable from the OpenStore for those who do know what they are doing, rather than exposing a confusing settings dialogue in
the installed system.To save you looking a bit of a preview of the blog
don't tell -
@Lakotaubp : So I wonder, if it is not needed at UT, why donΒ΄t we skip the UFW from the standard installation and update the documents that inexperienced user do not ask for such topic? And away from the FW.
Would you be so kind and explain whats the root cause of "Warn: Uid is 0 but '/' is owned by 109" (as per my understanding this was the question). Please enlighten me. Thanks -
@Lakotaubp
Thank you very much for taking the time to do the write up regarding UT view on UFW.
Like @Tellina I'm still interested in the initial question regarding the error stated above. If you could explain that would be highly appreciated.
-
The write up is by the UBports Writers team, so not me and as for the the other stuff again I have not a clue on the tech reasons. Somone will though I'm sure.
-
@Alter posted a comment in todays Q&A 84 thread today. A link was included to an earlier blog post about using the firewall. In that section a screenshot shows the error '...is owned by 109' mentioned earlier.
Besides the really interesting question raised by @Alter's question, I wonder if anyone can answer the question as to what does the error tells us and warns about?
-
Back in the [Canonical] time there was : https://open-store.io/app/antivirus.iprogramer
With fonctions :
This is an App For Scanning and Protecting Ubuntu Devices from Malware, Viruses and RootKits.
Features:
Scan your Device For "Malicious Apps"
Scan your Device For "Malicious Connections"
Scan your Device For "Listening Ports"
Scan your Device For "Malicious Startup Commands"Manage your "Firewall"
Manage your "Active Services"Check an IP for "Malicious Activity"
Generate "Password with Pattern"Don't know why it's been deprecated.
-
@Keneda said in Error when enabeling ufw:
Don't know why it's been deprecated.
This app was not deprecated as such. Simply that the author never recompiled it to run 9against 16.04 when. The underlying OS was updated.
I also seem to remember claims that the app did not do all that it advertised. The code is out lucky hosted on Launchpad though, so anyone with time available who can read code (including me) could examine it.
I took a quick look at the C code on my phone (not ideal, I know) and it does use some interesting techniques I might be applying in my own apps.
-
@arubislander Your right on that. It was pointed out a few times that the app was doing very little if not nothing by flohack.
-
@Lakotaubp
I found post of him about that :
https://forums.ubports.com/topic/2768/are-there-any-attack-vectors-based-on-sd-card/3?_=1599561104795He tells that the app was confined, beside it was unconfined with full system access.
Did Brian Douglass published unconfined apps without reviewing it?
Scanning polemic appart, it had a firewall interface, that too was bullshit?
-
@Keneda It states the app was fully confined so could not do anything other than scan it's self. As for the full app history I cannot remember but it was about a long time age so might have been a hang around from canonical day. As for Firewall thing again I have no idea but it seems it was just a pretty interface doing nothing. Maybe @Flohack can remember full details.
-
@Lakotaubp said in Error when enabeling ufw:
It states the app was fully confined
It wasn't in 2016 when app was released and i installed it, and it's still tagged as "full system access" right now.
But maybe it was a fake "unconfined" app after all, but that would mean crap can be released on store without review, no?Sources are still available on launchpad i believe.
https://bazaar.launchpad.net/~hosein-iprogramer/antivirus/trunk/files -
@Keneda @bhdouglass can you please check this app, this fake virus scanner should be removed I think, it was either an experiment or just a bad joke.
-
@Flohack What's the problem? It's not available for xenial and if I recall there wasn't anything wrong with it back in the day. I also think it was a beta and not fully completed.
-
@bhdouglass Ok if its not in xenial I am fine with it
