18th February 2017
e1-531g

Quote:
Originally Posted by Carpetsmoker
The problem seems to be mostly related to the tight integration of various userland components on the Linux desktop.
It's not a bug, it's a feature. Seriously, I would not like to use an OS (desktop use-case) which would, by default, not let one program use files created by another program.
IMHO, in desktop use-cases prevention is better than cure. Well, maybe small exceptions exist, such as browser isolation.

Quote:
This is why exploit mitigation is so important, and why it's so disappointing Linux (or FreeBSD, for that matter) hasn't been taking this as seriously as some other platforms (i.e. OpenBSD).

Is it more or less secure than Windows 10? Perhaps, perhaps not. Who cares?
I see this as encouragement for the FOSS community to take security more seriously.
"Errare humanum est." - I get that, but there are some ways to make software projects less error-prone. I think that you are focusing too much on the browser. I am not complaining about the Chrome/Chromium team, because they are doing a great job fuzzing and sandboxing (privilege separation) the browser, but there are a lot of other software projects, such as PDF readers (Evince) and multimedia players, which don't use these techniques to improve security. Many GNU/Linux distros were reluctant to improve security by requiring programs to use ASLR (compile position-independent code).
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on a Latin oratorical phrase