Ubuntu Snap's Security Is Easily Circumvented Due To X11

  • Ubuntu Snap's Security Is Easily Circumvented Due To X11

    Phoronix: Ubuntu Snap's Security Is Easily Circumvented Due To X11

    Matthew Garrett has taken time away from working on his new SATA power management patches for the Linux kernel to share his thoughts on Ubuntu's Snap packaging format and its security...


  • #2
    Security, what a silly concept.




    • #3
      Originally posted by bulletxt View Post
      Security, what a silly concept.

      Get hit once by a ransomware and you will see how important it is.



      • #4
        Originally posted by Passso View Post

        Get hit once by a ransomware and you will see how important it is.

        They have Ransomware on Linux now?



        • #5
          Originally posted by Mike Frett View Post

          They have Ransomware on Linux now?

          Yes they have.



          • #6
            Originally posted by Mike Frett View Post

            They have Ransomware on Linux now?

            The day Linux hits 10% market share on desktop, they will have a lot.

            (just an example: http://ubuntuforums.org/showthread.php?t=2207776)
            Last edited by Passso; 22 April 2016, 04:42 AM.



            • #7
              In the future, could the use of Xwayland/Xmir be used for these sandboxed applications in order to gain the necessary security?

              Each sandbox/application could have its own x-server so there would be no leakage of data between sandboxes.



              • #8
                Good thing they're developing Mir.

                Ah wait, they decided to branch Mir from Wayland, so there's not a snowball's chance in hell they have the resources to employ proper security in their display server. Shame.



                • #9
                  Originally posted by Passso View Post

                  The day Linux hits 10% market share on desktop, they will have a lot.

                  (just an example: http://ubuntuforums.org/showthread.php?t=2207776)

                  I suspect that by the time that happens, "desktop" won't be a significant market at all. (i.e. only used by developers and the like)



                  • #10
                    I haven't looked into snap, but is it just a scheme to have apps instead of packages?

                    I mean with a package you have some team somewhere developing a free program and some team somewhere developing a distribution, and there's some integration into the distribution, so the program is at least compiled and tested by somebody else than the author and so has some review. Dependencies are fewer (globally, meaning that the distro tries to use the same lib for many programs whenever possible, etc.), and the side effects of the combination of programs are more or less more tested by a bigger number of users.

                    With apps you simply throw the integration and testing out the window in order to have whatever application someone writes and no one has tried running in your distro. Since that is more dangerous you add containers or sandboxes or some kind of barrier between the app and the system. Then you have to find some way to communicate across the barrier so that apps can do anything useful with your network or files or screen or input devices or something. And then you wonder you may have security troubles?

                    I think the solution is the old way of simply having distribution maintainers selecting, checking, adapting and integrating the upstreams and the distribution users testing a somewhat more coherent corpus so that you can have more confidence in what you run.
                    If that doesn't work for proprietary applications, much better (for freedom, security, conflicting business interests, etc.).

                    Is my intuition wrong and out of date?

                    Thank you if someone enlightens me.
