Does Firefox under Ubuntu have something similar to ActiveX, in terms of security vulnerability?
‘ActiveX’ can be considered in two parts, the object model and the installation method. Firefox has something similar—and cross-platform compatible, Ubuntu or other—for both.
The object model of ActiveX is Microsoft COM; Firefox's equivalent is XPCOM. Many other Windows features and applications that are nothing to do with web browsing use MS COM, and there have traditionally been endless problems where COM controls that were not written for secure web usage were nonetheless available to web pages. This caused many compromises. Firefox is better off here as XPCOM is not shared with the rest of the system. Newer versions of IE have better controls for mitigating what sites are allowed to use what controls.
(As a side-issue, because many add-ons for Firefox are themselves written in JavaScript, a high-level scripting language, they are often more secure from buffer overflow and string handling errors than extensions for IE which are commonly written in C[++].)
The control-downloader part of ActiveX has also been cleaned up a bit since the bad old days when anything in the My Computer zone could install any software it liked, and aggressive loader scripts could trap you in an alert loop until you agreed to approve the ActiveX prompt. Firefox's equivalent, XPInstall, behaves largely similarly, with the ‘information bar’ on all but Mozilla's sites by default and a suitable warning/prompt before installation.
There is another built-in way you can compromise yourself in Mozilla: signed scripts. I have never seen this actually used, and certainly there'll be another warning window appear before a script gains extra rights, but it kind of worries me that this is available to web pages at all.
For example, an exploit through Flash will gain access to my PC under my user rights.
Yes, the majority of web exploits today occur in plugins. Adobe Reader, Java(*) and QuickTime are the most popular/vulnerable. IMO: get rid of those, and use FlashBlock to only show Flash when you want it.
(*: and Java's dialogues before it lets you give up all security to some untrusted applet are a bit bare too.)
Ubuntu gives you some questionable plugins by default, in particular a media player plugin that will make every vulnerability in any of your media codecs exploitable through the web (similar to the Windows Media Player plugin, only potentially with many more formats). Whilst I have yet to meet an exploit targeting Linux like this, that's really only security through obscurity.
Note that ActiveX itself is no different. A web browser compromise based on ActiveX still only gives user-level access; it's only because prior to Vista everyone habitually ran everything as Administrator that this escalated to a full-on rooting.
And then follow to exploit some known vulnerability in X to gain root rights. That is not "easy".
Maybe, maybe not. But I think you'll find the damage some malware can do from even a normal user account is quite bad enough. Copy all your personal data, observe your keypresses, delete all your documents...
Best Answer
First off, you need to understand the concept of the users in Linux, with special regards to the root user. In order to keep this answer below the character limit (and on topic), I'd suggest you read this page followed by this one. Really, all you need to know is the following:
Linux is a multi-user operating system with each user having limited power and scope as defined by their user group. Every Linux system has something called the root user (UID 0, also known as the superuser), who is the total and completely authoritative administrator. root knows all, root sees all, root controls all.
The concept of sudo came from the old UNIX command su (from switch user), which allowed any user to log in to any other user on the system. Anyone with administrative privileges would type su root (or just su) to escalate to the root user for any admin task. This, regrettably, had a few problems. In systems with multiple admins, everyone shared the root password. Meaning, if an admin left the company, the root password would need to be changed and redistributed to all of the other administrators. This can be extremely time-consuming at times, and otherwise just be a great pain.
Now, enter sudo. sudo works on a different principle. Instead of requiring users to know the root account login, sudo would be used to allow users to escalate themselves into the root account (or any other account, for that matter) based on the rules of the /etc/sudoers file. Now, revoking or adding an administrator is simple -- just add or remove a user from a group or the file. Because of this, the root account can be "disabled", thereby blocking access to anyone except actual admins.
For almost all cases, this is all sudo is used for. It grants root power to administrators (members of group admin or sudo) based on the rules defined in /etc/sudoers.
(Un)intentionally, this also comes with a massive security benefit. Administrators can run in an unprivileged mode just like any other user. They can then escalate or "enable" administrative privileges when they're needed, and revoke them immediately afterwards. Usually, this is only used for a single command (e.g. sudo apt install cowsay), but it could also be a full-blown root shell.
This isolation in turn also protects the system at large (remember, *NIX was originally a multi-user environment used by many people) from malicious code executed from an admin's account, be it through malware or someone logging on to an admin's active terminal. Similarly, sudo allows every admin action to be logged and reviewed at any time. Contrast this to the old su method, where you realistically had no idea who ran what command.
Also, based on the permission model of Linux, sudo can prevent a user from making potentially dangerous mistakes like accidentally uninstalling a critical program, erasing a hard drive, or any other number of nasty things that should never be done without some confirmation.
TL;DR: Really, sudo is just a (very useful) holdover from the true multi-user environments of old *NIX installations. However, it still retains its usefulness by protecting the system from malware or session hijacking. In typical *NIX mentality, protection of the admin's actual account is an exercise left to the admin.
If you're worried about someone sitting down at your computer while you're away and messing with your privacy, just lock your screen/session. Even so, physical access is a killer.
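
The logging contrast between sudo and su described in the answer above, as an added example that is not part of the original answer: a small audit script that attributes commands to users from sudo's syslog lines and flags sessions (su, or a sudo root shell) whose later commands are not logged one by one by default. The log lines, host name and the SHELLS set are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real logs) in the syslog format sudo and su write.
SAMPLE_LOG = """\
Mar  3 10:15:01 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt install cowsay
Mar  3 10:17:44 box sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/cat /etc/shadow
Mar  3 10:20:09 box sudo:    alice : 3 incorrect password attempts ; TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Mar  3 10:25:30 box su[2211]: (to root) carol on pts/2
Mar  3 10:31:12 box sudo:    alice : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/bin/bash
"""
SUDO_RE = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<body>.*)$")
SU_RE = re.compile(r"su(?:\[\d+\])?: \(to (?P<target>\S+)\) (?P<user>\S+) on ")
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh"}  # assumption: treated as interactive shells

def parse_line(line):
    """Return a dict describing one sudo/su event, or None for unrelated lines."""
    m = SUDO_RE.search(line)
    if m:
        # COMMAND= is always the last field, so everything after it is the command.
        head, _, command = m["body"].partition("COMMAND=")
        fields, reason = {}, None
        for part in filter(None, (p.strip() for p in head.split(";"))):
            if "=" in part:
                key, _, value = part.partition("=")
                fields[key] = value
            else:
                reason = part  # e.g. "user NOT in sudoers"
        return {"tool": "sudo", "user": m["user"], "target": fields.get("USER"),
                "command": command.strip() or None, "denied": reason}
    m = SU_RE.search(line)
    if m:  # su records only the identity switch, never a command
        return {"tool": "su", "user": m["user"], "target": m["target"],
                "command": None, "denied": None}
    return None

def audit(log_text):
    """Group events into executed commands, denials, and unattributable sessions."""
    report = {"ran": defaultdict(list), "denied": defaultdict(list), "opaque": []}
    for ev in filter(None, map(parse_line, log_text.splitlines())):
        if ev["denied"]:
            report["denied"][ev["user"]].append((ev["denied"], ev["command"]))
            continue
        if ev["tool"] == "sudo":
            report["ran"][ev["user"]].append(ev["command"])
        if ev["tool"] == "su" or ev["command"] in SHELLS:
            report["opaque"].append((ev["user"], ev["tool"]))
    return report
```
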