27th February 2017
Carpetsmoker
Real Name: Martin

Originally Posted by e1-531g
The problem seems to be mostly related to the tight integration of various userland components on the Linux desktop.
It's not a bug, it's a feature. Seriously, I would not like to use an OS (desktop use-case) which would, by default, not let one program use files created by another program.
I don't think I ever argued for "not let one program use files created by another". Not sure where you got that from.

The problem is that various components are integrated, all of which can potentially – and in fact *do* – increase the attack surface. Integrating gstreamer and its gazillion plugins with the browser is a good example.
The various "glue" components only make things worse, as they make everything pretty complex and difficult to understand. I can understand programs creating and accessing files and I understand how to prevent that. I don't understand how to prevent programs from accessing dbus, for example.

I am not complaining about the Chrome/Chromium team, because they are doing a great job fuzzing and sandboxing (privilege separation) the browser, but there are a lot of other software projects such as PDF readers (Evince) and multimedia players which don't use these techniques to improve security.
The difference is that Chrome has one of the largest corporations on the planet backing it, whereas Evince or mpv do not and are primarily written by people in their spare time :-) You can't really compare the two.
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.