There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open-source or because it is widely used in the cloud. There is already a very in-depth technical blog explaining the various security weaknesses of Linux by Madaidan, Whonix's Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post.

## Why is Linux used on servers if it is so insecure?

On servers, while most of the problems referenced in the article still exist, they are somewhat less problematic.

On Desktop Linux, GUI applications run under your user, and thus have access to all of your files in /home. This is in contrast to how system daemons typically run on servers, where they have their own user and group. For example, NGINX will run under nginx:nginx on Red Hat distributions, or

Another thing to keep in mind is that Mandatory Access Control is also somewhat effective on servers, as commonly run system daemons are confined. In contrast, on desktop, there is virtually no AppArmor profile to confine even regularly used apps like Chrome or Firefox, let alone less common ones. On SELinux systems, these apps run in the unconfined SELinux domain.

Linux servers are lighter than Desktop Linux systems by orders of magnitude, without hundreds of packages and dozens of system daemons running like X11, audio servers, the printing stack, and so on. Thus, the attack surface is much smaller.

There is a common claim in response to Madaidan that Linux is only insecure by default, and that an experienced user can make it the most secure operating system out there, surpassing the likes of macOS or ChromeOS. There is no amount of hardening that one can reasonably apply as a user to fix the inherent issues with Linux.

macOS, ChromeOS, and Android have a clear distinction between the system and user-installed applications. In oversimplified terms, the system volume is signed by the OS vendor, and the firmware and boot loader work to make sure that said volume carries the authorized signature. The operating system itself is immutable, and nothing the user does will need or be allowed to tamper with the system volume.

On Linux, there is no such clear distinction between the system and user-installed applications. Linux distributions are a bunch of packages put together to make a system that works, and thus every package is treated as part of said system. The end result is that binaries, regardless of whether they are vital for the system to function or just an extra application, are thrown into the same directories as each other (namely /usr/bin and /usr/local/bin). This makes it impossible for an end user to set up a verification mechanism to verify the integrity of "the system", as said "system" is not clearly defined in the first place.

Operating systems like Android and ChromeOS have full-system mandatory access control: every process from the init process onward is strictly confined. Regardless of which application you install or how you install it, it has to play by the rules of an untrusted SELinux domain and is only able to use unprivileged APIs. Even on macOS, where the application sandbox is opt-in for developers, there is still a permission control system (TCC) for unprivileged applications. Apps run by the user do not have unrestricted access to the microphone, webcam, keystrokes, sensitive documents, and so on.

On Linux, out of the box, most systems only have a few system daemons confined. Some Linux distributions don't even have a Mandatory Access Control system at all. Applications are designed in an environment where they expect to be able to do whatever they want, and the app sandboxes and mandatory access control system are merely an afterthought trying to restrict an app to only what it expects to be accessible.

This is reflected in the underutilization of the Portals API, as an example. Portals is designed to be an API where apps have to prompt the user to access their files (through the file manager) or their microphone and camera.
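To see the point about unconfined desktop apps on your own machine, the following added script (not from the original post) reads each process's MAC label from /proc/<pid>/attr/current and reports which ones are not confined by SELinux or AppArmor. It assumes the usual label shapes: an SELinux context of the form user:role:type[:level], where the type unconfined_t means no confinement, and an AppArmor label that is either "unconfined" or "<profile> (<mode>)".

```shell
#!/bin/sh
# Added example: classify the MAC label of one process, as read from
# /proc/<pid>/attr/current. Assumed label shapes (see lead-in):
#   SELinux:  user:role:type[:level], unconfined_t = not confined
#   AppArmor: "unconfined" or "<profile> (enforce|complain|kill)"
classify_label() {
    label=$1
    case "$label" in
        "")                              echo none ;;        # no LSM label at all
        unconfined)                      echo unconfined ;;  # AppArmor: no profile attached
        *:unconfined_t:*|*:unconfined_t) echo unconfined ;;  # SELinux unconfined domain
        *" (complain)")                  echo complain ;;    # AppArmor profile attached, logging only
        *" (enforce)"|*" (kill)")        echo confined ;;    # AppArmor profile enforced
        *:*:*_t:*|*:*:*_t)               echo confined ;;    # SELinux context with a confining type
        *)                               echo unknown ;;
    esac
}

# Walk /proc, tally the labels and print every process the LSM is not
# confining. Entries we may not read (other users' processes) are skipped,
# so run this as the desktop user to audit your own GUI apps, or as root
# for everything. Caveat: an SELinux domain that was set permissive has the
# same label as an enforced one; "semanage permissive -l" lists those.
scan_proc() {
    confined=0 complain=0 unconfined=0
    for d in /proc/[0-9]*; do
        label=$(tr -d '\0\n' < "$d/attr/current" 2>/dev/null) || continue
        comm=$(cat "$d/comm" 2>/dev/null) || comm='?'
        case "$(classify_label "$label")" in
            confined)   confined=$((confined + 1)) ;;
            complain)   complain=$((complain + 1)) ;;
            unconfined) unconfined=$((unconfined + 1))
                        printf 'unconfined pid=%s comm=%s label=%s\n' \
                            "${d#/proc/}" "$comm" "$label" ;;
        esac
    done
    printf 'summary: confined=%d complain=%d unconfined=%d\n' \
        "$confined" "$complain" "$unconfined"
}

scan_proc
```

On a typical desktop the summary shows a handful of confined daemons and the browser, office suite and chat clients all listed as unconfined, which is the gap the text describes.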