  #1   (View Single Post)  
Old 13th February 2017
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default FOSDEM: Is the Gnu/Linux desktop less secure than windows 10?

https://fosdem.org/2017/schedule/eve...sus_windows10/
PDF with slides: Is the linux desktop less secure than windows 10?

Video:
https://video.fosdem.org/2017/H.1308..._windows10.mp4
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 13th February 2017 at 06:25 PM. Reason: hyperlink
Reply With Quote
  #2   (View Single Post)  
Old 13th February 2017
scottro's Avatar
scottro scottro is offline
Real Name: Scott Robbins
ISO Quartermaster
 
Join Date: Apr 2008
Location: NYC
Posts: 652
Default

Ubuntu 12.04 is from April of 2012, and only one of many different variations of Linux.

So, the answer to your question is almost certainly no.

To check, I guess you would have to check with Fedora, Debian, and Arch vs a Windows 10 install. While that's not all of "Linux" at least it comes a bit closer to asking the question.
Reply With Quote
  #3   (View Single Post)  
Old 14th February 2017
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

This talk was not focused on Ubuntu 12.04 alone. It was just one example. The speaker is a Gentoo developer. Gentoo is a very flexible Gnu/Linux distribution; some say that it is a meta-distribution.
The talk also included memory mitigation techniques. Linux slowly adopted ASLR. Windows adopted it much quicker. In Windows 10 there are next-gen mitigation techniques such as Code-Flow Integrity.
There is also a talk about fuzzing.
Take this situation as a whole picture, not just random pixels.

Theo de Raadt's opinion about Gnu/Linux desktop security is similar.
Theo de Raadt (ruBSD 2013) (0:52 - 1:18 and 2:08 - 2:48)

IMHO from a technical, engineering perspective Gnu/Linux is less secure, but there are economic aspects, such as being a niche, less popular operating system (desktop use-cases), to the contrary.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 14th February 2017 at 09:14 PM. Reason: time in video
Reply With Quote
  #4   (View Single Post)  
Old 18th February 2017
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

The problem seems to be mostly related to the tight integration of various userland components on the Linux desktop.

It's difficult to avoid this; for better or for worse, the browser has taken a central role in our daily lives and the desktop ecosystem. Even without Gnome or KDE you're probably still vulnerable to some of this nonsense.

At any rate, it's the same mistake over and over again: exposing untrusted input to untrusted code :-/ It's easy to shout "zomg idiot programmers!", but it's easy to make a mistake, and sometimes your code may get run in contexts/ways you never expected (the guy who wrote that gstreamer module probably just hacked something up in a weekend, he never expected it to be loaded in Firefox).

This is why exploit mitigation is so important, and why it's so disappointing Linux (or FreeBSD, for that matter) hasn't been taking this as seriously as some other platforms (i.e. OpenBSD).

Is it more or less secure than Windows 10? Perhaps, perhaps not. Who cares? That's the sort of 2001-era "Micro$hit" and "Linux: the facts" pissing contest I'd rather leave in the past...
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #5   (View Single Post)  
Old 18th February 2017
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Quote:
Originally Posted by Carpetsmoker View Post
The problem seems to be mostly related to the tight integration of various userland components on the Linux desktop.
It's not a bug, it's a feature. Seriously, I would not like to use an OS (desktop use-case) which would, by default, not let one program use files created by another program.
IMHO in desktop use-cases prevention is better than cure. Well, maybe small exceptions exist, such as browser isolation.

Quote:
This is why exploit mitigation is so important, and why it's so disappointing Linux (or FreeBSD, for that matter) hasn't been taking this as seriously as some other platforms (i.e. OpenBSD).

Is it more or less secure than Windows 10? Perhaps, perhaps not. Who cares?
I see this as encouragement for the FOSS community to take security more seriously.
"Errare humanum est." - I get that, but there are some ways to make software projects less error-prone. I think that you are focusing too much on the browser. I am not complaining about the Chrome/Chromium team, because they are doing a great job fuzzing and sandboxing (privilege separation) the browser, but there are a lot of other software projects, such as PDF readers (Evince) and multimedia players, which don't use these techniques to improve security. Many Gnu/Linux distros were reluctant to improve security by requiring programs to use ASLR (compile position independent code).
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #6   (View Single Post)  
Old 24th February 2017
backrow backrow is offline
Real Name: Anthony J. Bentley
Shell Scout
 
Join Date: Jul 2009
Location: Albuquerque, NM
Posts: 136
Default

Quote:
Originally Posted by e1-531g View Post
It's not a bug, it's a feature. Seriously, I would not like to use an OS (desktop use-case) which would, by default, not let one program use files created by another program.
I feel the exact opposite. Programs I run as a user should only touch those files I explicitly give it permission to access. My PDF reader, my image viewer, my browser, my media player, my games and emulators, and my document formatter shouldn’t have the ability to scribble all over my ~ or upload my private files to a malware server just because I ran them under my userid.

I wish that on my desktop I had an operating system that prevents that. Alas, Unix is not yet up to the task (although you can approximate it with a ton of manual work setting up extra users and aliases).
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems.
Reply With Quote
  #7   (View Single Post)  
Old 24th February 2017
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Quote:
Originally Posted by backrow View Post
I wish that on my desktop I had an operating system that prevents that. Alas, Unix is not yet up to the task (although you can approximate it with a ton of manual work setting up extra users and aliases).
I am using that kind of isolation for web browsers (different user in OpenBSD, combination of different user and low Integrity Level in Windows), but they are exceptions.

If I download a video file from Youtube (using youtube-dl) I want to watch it in the mpv media player.
If I download code from GitHub (using git), I want to open files via Vim or Geany.
If I download a PDF file (using a web browser), I want to open it inside Evince.
and so on
not to mention copy-paste, drag and drop

While I was learning and making projects during my studies at University I was reading literally tens of PDFs or even hundreds just for a single one of them. If I had to think about file permissions every single time I open a different PDF file, I would probably run out of time and finish University without a degree.
My point is that these programs should be secure. They are relatively less complex than web browsers, so they can be more secure.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase

Last edited by e1-531g; 24th February 2017 at 02:08 PM.
Reply With Quote
  #8   (View Single Post)  
Old 25th February 2017
backrow backrow is offline
Real Name: Anthony J. Bentley
Shell Scout
 
Join Date: Jul 2009
Location: Albuquerque, NM
Posts: 136
Default

Quote:
Originally Posted by e1-531g View Post
I am using that kind of isolation for web browsers (different user in OpenBSD, combination of different user and low Integrity Level in Windows), but they are exceptions.

If I download a video file from Youtube (using youtube-dl) I want to watch it in the mpv media player.
If I download code from GitHub (using git), I want to open files via Vim or Geany.
If I download a PDF file (using a web browser), I want to open it inside Evince.
and so on
But the act of opening a PDF in a PDF viewer is exactly the kind of explicit permission I’m happy with. What I’m arguing against is the ability that youtube-dl, mpv, Git, Vim, Geany, and Evince all have right now: they can read my SSH private keys, my tax documents, my family photos, my emails… and they can access the network, too.
__________________
Many thanks to the forum regulars who put time and effort into helping others solve their problems.
Reply With Quote
  #9   (View Single Post)  
Old 27th February 2017
e1-531g e1-531g is offline
ISO Quartermaster
 
Join Date: Mar 2014
Posts: 628
Default

Why would the movie player like to read and send your private keys? I guess this media player has been infected by malicious code. Somebody found a vulnerability in the media player, then wrote an exploit contained inside some media file. The exploit took control over the media player.

Your defensive approach is to treat this program as untrusted and isolate it from files (or deny permissions). There is one big problem with this approach: technically it's easy to break out of this isolation through kernel vulnerabilities or vulnerable userspace utilities, daemons with high privileges to gain privilege elevation.

A carefully crafted sandbox (privilege separation) *inside* a potentially vulnerable program is a better approach. During execution, the program divides itself into several processes and each of them drops as many privileges as it can. Even if somebody found a vulnerability and wrote an exploit which circumvents mitigation techniques such as ASLR, W^X (we are talking about untrusted data, but this data is not interpreted as program so good luck), he still has to develop a way to break out of this sandbox. It's harder to find a way around because this carefully crafted sandbox restricts syscalls to a minimum.

If you want more empirical data you can visit Zerodium's web page about pricing for exploits.
https://www.zerodium.com/program.html

Of course, it's nice to have a multilayer defense approach, but it's important to understand that the second layer (program isolation, deny permission to files for whole programs) is typically weaker than the first layer.
__________________
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
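
The privilege-separation layout described in post #9, as an added sketch that is not part of the original posts or of any project named in the thread: a parent forks a worker that lowers its resource limits to zero before it reads the untrusted bytes, so a hijacked worker cannot open files or sockets. The rlimit drop is a portable stand-in chosen here; the syscall restriction the post mentions would be pledge(2) on OpenBSD or seccomp on Linux. `parse_untrusted`, `worker` and `struct verdict` are hypothetical names and the input bytes are constructed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

struct verdict { int sum; int open_errno; };  /* worker's report to parent */

/* Worker: give up what it can, then touch the untrusted bytes. */
static void worker(int in, int out) {
    struct rlimit zero = {0, 0};
    if (setrlimit(RLIMIT_NOFILE, &zero) ||   /* no new descriptors */
        setrlimit(RLIMIT_FSIZE, &zero) ||    /* cannot grow any file */
        setrlimit(RLIMIT_NPROC, &zero))      /* cannot spawn helpers */
        _exit(2);                            /* fail closed */
    struct verdict v = {0, 0};
    unsigned char buf[256]; ssize_t n;
    while ((n = read(in, buf, sizeof buf)) > 0)   /* stand-in for a parser */
        for (ssize_t i = 0; i < n; i++) v.sum += buf[i];
    /* Probe with a file that always exists, so failure is due to the limit. */
    v.open_errno = open("/dev/null", O_RDONLY) < 0 ? errno : 0;
    _exit(write(out, &v, sizeof v) == (ssize_t)sizeof v ? 0 : 1);
}

/* Parent: keeps its privileges, never parses. Returns 0 on success. */
int parse_untrusted(const void *data, size_t len, struct verdict *v) {
    int to[2], from[2], status;
    if (pipe(to) < 0 || pipe(from) < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        close(to[1]); close(from[0]);
        worker(to[0], from[1]);              /* does not return */
    }
    close(to[0]); close(from[1]);
    ssize_t w = write(to[1], data, len);
    close(to[1]);                            /* EOF ends the worker's loop */
    ssize_t r = read(from[0], v, sizeof *v);
    close(from[0]);
    if (waitpid(pid, &status, 0) < 0) return -1;
    return (w == (ssize_t)len && r == (ssize_t)sizeof *v &&
            WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    struct verdict v;
    if (parse_untrusted("\x01\x02\x03\xfa", 4, &v)) return 1; /* constructed */
    return printf("sum=%d open_errno=%d\n", v.sum, v.open_errno) < 0;
}
```

Descriptors inherited across fork() stay usable after the drop, so a real design closes everything except the two pipe ends first.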
Old 27th February 2017
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Quote:
Originally Posted by e1-531g View Post
Quote:
The problem seems to be mostly related to the tight integration of various userland components on the Linux desktop.
It's not a bug, it's a feature. Seriously, I would not like to use an OS (desktop use-case) which would, by default, not let one program use files created by another program.
I don't think I ever argued for "not let one program use files created by another". Not sure where you got that from.

The problem is that various components are integrated, all of which can potentially – and in fact *do* – increase the attack surface. Integrating gstreamer and its gazillion plugins with the browser is a good example.
The various "glue" components only make things worse, as it makes everything pretty complex and difficult to understand. I can understand programs creating and accessing files and I understand how to prevent that. I don't understand how to prevent programs from accessing dbus for example.

Quote:
I am not complaining about the Chrome/Chromium team, because they are doing a great job fuzzing and sandboxing (privilege separation) the browser, but there are a lot of other software projects, such as PDF readers (Evince) and multimedia players, which don't use these techniques to improve security.
The difference is that Chrome has one of the largest corporations on the planet backing it, whereas Evince or mpv do not and are primarily written by people in their spare time :-) You can't really compare the two.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Old 7th March 2017
blackhole's Avatar
blackhole blackhole is offline
Spam Deminer
 
Join Date: Mar 2014
Posts: 316
Default

Quote:
Originally Posted by scottro View Post
To check, I guess you would have to check with Fedora, Debian, and Arch vs a Windows 10 install.
I don't think it's quite that simple. Windows has always had a lot of security features, but back in the XP days when "Windows NT" was literally rolled out to the "masses" at the beginning of the "internet revolution", none of these features were actually enabled by default or available in the "home edition". And of course the user was effectively running as root.

Things have changed and while some Linux fans might like to compare today's Linux with yesterday's Windows, that OS did get a lot more secure, post XP. Vista, despite its problems, released with a plethora of security features and related improvements.

Linux has never been security focused. The security placebo of Linux has always been about not running as root and comparing that to something like Windows XP. The supposed security advantage of Linux is merely a comfort blanket as the vast majority of users know next to nothing about it. And when a vulnerability does crop up - the developers tend to close ranks and it's denial, excuses and heads in the sand from the fans...
Reply With Quote