zlacker

[parent] [thread] 8 comments
1. kaba0+(OP)[view] [source] 2022-03-22 10:57:52
Linux desktops are not secure in any meaning of the word. Running everything as the same user is a catastrophe, see the recent “package-manager wiping out $HOME issue”. This should simply not happen in the 21st century, and we really should not make ourselves believe that we are safe just because desktop linux is seldom targeted and that the community is giving and well-intentioned for the most part. It is no longer a small village where everyone knows everyone and we could leave the doors open.
replies(4): >>fsflov+j4 >>blihp+Dd >>belorn+df >>vinceg+Nl1
2. fsflov+j4[view] [source] 2022-03-22 11:52:58
>>kaba0+(OP)
> Linux desktops are not secure in any meaning of the word.

Yes, they are: https://puri.sm/security and https://source.puri.sm/Librem5/community-wiki/-/wikis/Freque....

replies(1): >>kaba0+W4
◧◩
3. kaba0+W4[view] [source] [discussion] 2022-03-22 11:57:00
>>fsflov+j4
Strcat does a much better job than I could to refute it: https://news.ycombinator.com/item?id=30761693

But basically, it is not secure neither on a hardware front, neither on software. The latter runs everything as the same user so a rouge bash script can encrypt your whole photo gallery, exfiltrate any data, etc.

4. blihp+Dd[view] [source] 2022-03-22 13:02:20
>>kaba0+(OP)
Sure, if you run (most of) them in their default configuration. However, they can trivially be made much more secure which is one of the appeals of Linux to some: you're not limited to whatever set of compromises a vendor decided was acceptable.
replies(1): >>kaba0+ne
◧◩
5. kaba0+ne[view] [source] [discussion] 2022-03-22 13:06:12
>>blihp+Dd
Just because there is firejail, it won’t magically make it secure. It also has to be comfortable to use, for which you need communication between the app and the os handling permissions a la ios/android. Flatpak is going in that direction but I don’t necessarily like the approach of mixing packaging and sandboxing together.
replies(1): >>blihp+9v
6. belorn+df[view] [source] 2022-03-22 13:10:51
>>kaba0+(OP)
Every modern proprietary operative systems and mobile operative systems is designed to generate revenue for the developer when it is running on the users own hardware. Advertisement, selling personal information, tracking for marketing and r&d purposes, locking down for product positioning and upgrade/upsale paths, and occasionally discreet access for three letter agencies in order to keep politicians at bay. Linux desktops are not designed for that purpose.

Security can be many things for different people. Preventing criminals from abusing vulnerabilities in software is one kind of security. Preventing companies from black/grey hack patterns is an other. Making people feel less icky from ubiquitous tracking is one. Stopping advertisements from wasting peoples time and preventing planned e-waste is additional ones.

Maybe we need to invent a new word for security. Something about making people feel safe and preventing actions that would harm them.

◧◩◪
7. blihp+9v[view] [source] [discussion] 2022-03-22 14:36:19
>>kaba0+ne
Those are just two options (I'm not a big fan of either)... there are a myriad of other options available.[1] While I disagree with your assertion that Linux desktops are not secure, I would agree that making them more secure is not trivial. If you changed your assertion to 'they are not secure by default', I would agree with you.

I would disagree with 'has to be comfortable to use' as that is often at odds with 'secure'. Some of the things I do to secure my system make infrequently done/high risk things quite uncomfortable to use. Not because I wanted to make it uncomfortable, but because that's what it took to get the level of security I desired.

[1] I would also argue that spending too much effort here before addressing other attack vectors first is rather silly. (i.e. web browser, network, minimizing usage of/isolating 3rd party binaries)

replies(1): >>kaba0+wT1
8. vinceg+Nl1[view] [source] 2022-03-22 18:45:31
>>kaba0+(OP)
They may not be secure in any absolute sense, but they are way safer than any proprietary OS.
◧◩◪◨
9. kaba0+wT1[view] [source] [discussion] 2022-03-22 21:42:33
>>blihp+9v
Sure, I may have used stronger language than necessary because I do feel strongly for the issue as I am really fond of the kernel and many of the excellent work of the ecosystem. What I meant under “comfortable to use” is that a sandbox needs to communicate with the sandboxed application and with the general system to be truly usable. Otherwise it is more like a firewall for syscalls. Which has its place and is good for an absolute boundary, but it is not a UX for end users. If I use a bad firefox profile in firejail it should not just crash, firefox should be told what’s the situation. The most basic example would probably be a file chooser dialog — the application should be able to call for such a dialog but the dialog is made by the OS and only the selected file should be made available to the sandboxed program. Flatpak’s portals are a good direction, but I’m not sure that it is a good implementation.

I also have to agree with you on the “one can make it secure” part, e.g. android builds on top of pretty standard linux tools to achieve its better security, namely selinux for a larger boundary and the most important: running different processes as different users! It is such a gaping security issue in typical DEs, as otherwise not even the very crude UNIX permission system can do anything meaningful (other than the relevant xckcd comic: the attacker can access all my files, my browser cache, etc, but at least can’t install a video driver)

[go to top]