FOSDEM: Is the Gnu/Linux desktop less secure than windows 10?
https://fosdem.org/2017/schedule/eve...sus_windows10/
PDF with slides: Is the linux desktop less secure than windows 10?
Video: https://video.fosdem.org/2017/H.1308..._windows10.mp4
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase
Last edited by e1-531g; 13th February 2017 at 06:25 PM. Reason: hyperlink

This talk was not focused on Ubuntu 12.04 alone. It was just one example. The speaker is a Gentoo developer. Gentoo is a very flexible Gnu/Linux distribution; some say that it is a meta-distribution.
The talk also included memory mitigation techniques. Linux slowly adopted ASLR. Windows adopted it much quicker. In Windows 10 there are next-gen mitigation techniques such as Code-Flow Integrity. There is also a talk about fuzzing. Take this situation as a whole picture, not just random pixels.
Theo de Raadt's opinion about Gnu/Linux desktop security is similar. Theo de Raadt (ruBSD 2013) (0:52 - 1:18 and 2:08 - 2:48)
IMHO, from a technical, engineering perspective Gnu/Linux is less secure, but there are economic aspects to the contrary, such as being a niche, less popular operating system (desktop use-cases).
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase
Last edited by e1-531g; 14th February 2017 at 09:14 PM. Reason: time in video

The problem seems to be mostly related to the tight integration of various userland components on the Linux desktop.
It's difficult to avoid this; for better or for worse, the browser has taken a central role in our daily lives and the desktop ecosystem. Even without Gnome or KDE you're probably still vulnerable to some of this nonsense.
At any rate, it's the same mistake over and over again: exposing untrusted input to untrusted code :-/ It's easy to shout "zomg idiot programmers!", but it's easy to make a mistake, and sometimes your code may get run in contexts/ways you never expected (the guy who wrote that gstreamer module probably just hacked something up in a weekend, he never expected it to be loaded in Firefox).
This is why exploit mitigation is so important, and why it's so disappointing Linux (or FreeBSD, for that matter) hasn't been taking this as seriously as some other platforms (i.e. OpenBSD).
Is it more or less secure than Windows 10? Perhaps, perhaps not. Who cares? That's the sort of 2001-era "Micro$hit" and "Linux: the facts" pissing contest I'd rather leave in the past...
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.

Quote:
IMHO, in desktop use-cases prevention is better than cure. Well, maybe small exceptions exist, such as browser isolation.
Quote:
"Errare humanum est." - I get that, but there are some ways to make software projects less error-prone. I think that you are focusing too much on the browser. I am not complaining about the Chrome/Chromium team, because they are doing a great job fuzzing and sandboxing (privilege separation) the browser, but there are a lot of other software projects, such as PDF readers (Evince) and multimedia players, which don't use these techniques to improve security. Many Gnu/Linux distros were reluctant to improve security by requiring programs to use ASLR (compile position independent code).
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase

Quote:
I wish that on my desktop I had an operating system that prevents that. Alas, Unix is not yet up to the task (although you can approximate it with a ton of manual work setting up extra users and aliases).
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems.

Quote:
If I download a video file from YouTube (using youtube-dl), I want to watch it in the mpv media player.
If I download code from GitHub (using git), I want to open the files via Vim or Geany.
If I download a PDF file (using a web browser), I want to open it inside Evince.
And so on, not to mention copy-paste, drag and drop.
While I was learning and making projects during my studies at University, I was reading literally tens of PDFs or even hundreds just for single ones of them. If I would think about permissions of files every single time I must open a different PDF file, I would probably run out of time and finish University without a degree.
My point is that these programs should be secure. They are relatively less complex than web browsers, so they can be more secure.
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase
Last edited by e1-531g; 24th February 2017 at 02:08 PM.

Quote:
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems.

Why would the movie player like to read and send your private keys? I guess this media player has been infected by malicious code. Somebody found a vulnerability in the media player, then wrote an exploit contained inside some media file. The exploit took control over the media player.
Your defending approach is to treat this program as untrusted and isolate it from files (or deny permissions). There is one big problem with this approach: technically it's easy to break out of this isolation and gain privilege elevation through kernel vulnerabilities or vulnerable userspace utilities and daemons with high privileges.
A carefully crafted sandbox (privilege separation) *inside* a potentially vulnerable program is a better approach. During execution, the program divides itself into several processes and each of them drops as many privileges as it can. Even if somebody found a vulnerability and wrote an exploit which circumvents mitigation techniques such as ASLR and W^X (we are talking about untrusted data, but this data is not interpreted as a program, so good luck), he still has to develop a way to break out of this sandbox. It's harder to find a way around because this carefully crafted sandbox restricts syscalls to a minimum.
If you want more empirical data you can visit Zerodium's web page about pricing for exploits. https://www.zerodium.com/program.html
Of course, it's nice to have a multilayer defense approach, but it's important to understand that the second layer (program isolation, deny permission to files for whole programs) is typically weaker than the first layer.
__________________
Signature: Furthermore, I consider that systemd must be destroyed. Based on Latin oratorical phrase

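The privilege-separation pattern described in the post above, as an added example that is not part of the original thread: on Linux, a worker process that handles the untrusted data installs a seccomp filter allowing only `read`, `write` and `exit_group`, so a hijacked worker that tries to open a file is killed. The names `run_worker` and `drop_to_minimum`, the `hijacked` flag and the key path are hypothetical and constructed for illustration.

```c
#include <fcntl.h>
#include <signal.h>
#include <stddef.h>
#include <string.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* One allow-list entry: if the syscall number matches, allow; else fall through. */
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Assumes the native ABI only; a production filter also pins seccomp_data.arch. */
static int drop_to_minimum(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(SYS_read), ALLOW(SYS_write), ALLOW(SYS_exit_group),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),   /* anything else: SIGSYS */
    };
    struct sock_fprog prog = { sizeof f / sizeof f[0], f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Returns the worker's answer (bytes it processed), or -signal if it was killed. */
int run_worker(const char *untrusted, int hijacked) {
    int in[2], out[2], status = 0, n = -1;
    pid_t pid;
    if (pipe(in) || pipe(out) || (pid = fork()) < 0) return -1000;
    if (pid == 0) {                       /* worker: touches untrusted data */
        char buf[256];
        close(in[1]); close(out[0]);
        if (drop_to_minimum() != 0) _exit(2);    /* never run unsandboxed */
        /* Simulated post-exploit behaviour: reach for a file (constructed path). */
        if (hijacked && open("/constructed/private.key", O_RDONLY) >= 0) _exit(4);
        int count = (int)read(in[0], buf, sizeof buf);  /* real decoding goes here */
        if (write(out[1], &count, sizeof count) < 0) _exit(3);
        _exit(0);
    }
    close(in[0]); close(out[1]);
    signal(SIGPIPE, SIG_IGN);             /* the worker may already be dead */
    if (write(in[1], untrusted, strlen(untrusted)) < 0) n = -1;
    close(in[1]);
    if (read(out[0], &n, sizeof n) != sizeof n) n = -1;
    close(out[0]);
    waitpid(pid, &status, 0);
    return WIFSIGNALED(status) ? -WTERMSIG(status) : n;
}
```

The parent keeps its file access and only ever sees a fixed-size integer from the worker, which is the "first layer" the post refers to.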
Quote:
The problem is that various components are integrated, all of which can potentially – and in fact *do* – increase the attack surface. Integrating gstreamer and its gazillion plugins with the browser is a good example. The various "glue" components only make things worse, as it makes everything pretty complex and difficult to understand. I can understand programs creating and accessing files and I understand how to prevent that. I don't understand how to prevent programs from accessing dbus for example.
Quote:
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.

Quote:
Things have changed and while some Linux fans might like to compare today's Linux with yesterday's Windows, that OS did get a lot more secure, post XP. Vista, despite its problems, released with a plethora of security features and related improvements. Linux has never been security focused. The security placebo of Linux has always been about not running as root and comparing that to something like Windows XP. The supposed security advantage of Linux is merely a comfort blanket as the vast majority of users know next to nothing about it. And when a vulnerability does crop up - the developers tend to close ranks and it's denial, excuses and heads in the sand from the fans...