this post was submitted on 28 Jan 2024
37 points (80.3% liked)

Linux

48328 readers
632 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago
MODERATORS
 

I found this really old blog post and it still applies today.

We don't really have antiviruses, and thats nice. But we have a huge monolithic kernel, we have random executable files all over the filesystem, we have systems that to this day often dont even update without elevated privileges.

Android took Linux and fixed it, long ago. You dont even have root! Their app ecosystem is often very restricted by design though, as its a phone OS.

Desktop Linux needs to get more secure, compartimentalized, perfectly usable

  • without sudo privileges
  • without apps having read/write access everywhere
  • without X.Org
  • with portals, control, Wayland, Pipewire, Flatpak
  • with a split up kernel, drivers in userspace, adapted to the actual hardware you are running
  • with as much hardening applied as possible to simply shut off everything you dont need.

I guess there are many great projects out there that try to create exactly such a system

  • musl, busybox
  • RedoxOS
  • hardened_malloc, *BSD software

Can you recommend more software that is secure by design? The blog author mentioned Postfix.

top 13 comments
sorted by: hot top controversial new old
[–] possiblylinux127@lemmy.zip 24 points 10 months ago

Android is very much not better Linux

[–] MNByChoice@midwest.social 21 points 10 months ago

I disagree with the premise that Android is Linux "fixed". Sudo is a bridge for privilege compartmentalization. There is root on Android.

And for many of those points there is a solution, but not one many want to use. SELinux is poorly document and has a bad reputation, but does work. File systems can be mounted as to not execute anything on them.

Good topic idea though, I just disagree with the specific examples.

[–] vrighter@discuss.tchncs.de 11 points 10 months ago

have you used android? As a dev, I mean

[–] otl@hachyderm.io 9 points 10 months ago

@Pantherina You might be interested in looking into the Plan 9 operating system. The original designers of Unix (on which Linux and BSDs are based) created the OS with lots of interesting ideas built into the core of the system, rather than bolted on afterwards. No root, userspace drivers, others you mentioned are explored.

Take a look: https://p9f.org

[–] thegreekgeek@midwest.social 8 points 10 months ago (1 children)

The Universal blue project checks some of these boxes I think. It's a toolset for rolling your own immutable images based distros like Fedora Silverblue and Bazzite.

[–] Pantherina@feddit.de 0 points 10 months ago (1 children)

Check out Secureblue, I am using that currently. Just firefox doesnt work, I hope that gets fixed by the Fedora Devs (and then it needs to either be not installed by ublue or not removed by secureblue, as installing a removed package doesnt work poorly)

Apart from that at least the things I mentioned are all not ticket.

[–] quarterlife@lemmy.sdf.org 1 points 9 months ago* (last edited 9 months ago) (1 children)

We (ublue) remove Firefox and install the flatpak because you want your browser to update when it needs to update, and not only when your OS image updates.

[–] Pantherina@feddit.de 0 points 9 months ago (1 children)

Even on the main images?

The problem is rpm-ostree override removeing it makes it impossible to reinstall as a native package.

[–] quarterlife@lemmy.sdf.org 1 points 9 months ago (1 children)

Those we leave alone, they're really only meant as a base for other images anyway.

Not being able to relayer it is a good thing in this case, you don't want the browser to have any limits on when it can update.

If you need something other than the flatpak, I would recommend installing it in a Fedora distrobox and exporting it.

[–] Pantherina@feddit.de 0 points 9 months ago

Browsers need usernamespaces to isolate Tabs from another. At least thats how Chromium does it, and I think Firefox does too.

Flatpak Chromium browsers are very experimental, Zypak is a thing and it sounds nice, spawning a seperate flatpak process instead. But its probably less secure than what is officially supported.

This is why there is no official Flatpak Chromium Browser, Vivaldi actively decided against because of that thing. The Chromium Flatpak does something better, but this was (at least some time ago) not done in other Flatpak Chromium Derivates.

Firefox is supposedly more compatible with the restrictions of Flatpak as it doesnt use user namespaces, but there also is no statement on how they do it, how it can be equally secure etc.

Browser can be best ran in Bubblejail, allowing user namespaces but the rest being blocked just as in Flatpak. The issue is simply that the bubblewrap in Flatpak uses a single seccomp filter, while just Browsers should be allowed to spawn user namespaces.

I am not sure about Distrobox, the Apps are spawned in a seperate user namespace but I suppose they can still use user namespaces anyways. But this is unnecessary overhead without any reason. One could isolate the Distrobox from the system, but portals dont cover that afaik.

So it stays a no. I think if the main image would not include Firefox, projects like Secureblue wouldnt need to actively remove Firefox so users could still layer it regularly. The problem is with having it included and downstream Distros removing it via an override.

[–] Oisteink@feddit.nl 7 points 10 months ago

I’m not sure what you mean about without sudo - if there’s a root account logging over isn’t more secure than SU or SUDO. At some point you trust someone with root access either by ssh key, password or sudo abilities.

Openbsd har a rather stellar security history, but there’s still root.

Also there’s still root on Android, so I don’t agree with your point of “Android fixed Linux”. You don’t need to elevate to install software, but the software you install can elevate (https://www.tomsguide.com/round-up/best-root-apps)

In what way is the need for privileges for system stuff like boot config solved without root?

[–] driveway@lemmy.zip 3 points 10 months ago* (last edited 10 months ago) (1 children)

Linux is not going to stop being monolithic. That's why AOSP is looking into swapping out the kernel.

[–] Pantherina@feddit.de 1 points 10 months ago

I mean, HarmonyOS supposedly already did. Poorlyt his will only apply for custom SOC OS' which have their one-device-one-OS anyways.