Ubuntu Snap's Security Is Easily Circumvented Due To X11
-
Originally posted by pal666
linux hit 80% marketshare on smartphone long ago, did they have a lot?
But just surf on the web at bad places or install too many "bubble games" and you will see pop ups coming from nowhere every few seconds...
-
How "enlightening". Installing applications from untrusted sources is dangerous regardless of the format, snap, deb, rpm etc. Everybody knows that, and if he watched Ubuntu On Air where snaps were discussed, X11 was mentioned as a "problem" and how that will be solved by switching to Mir; until then users should use common sense and install snaps from Ubuntu Store and trusted sources. I think some people are blowing snaps out of proportion, they are here to allow easy updating of applications, not to magically solve any and all security issues on Linux. They might do that when paired with Mir display server with its sandboxed approach, but until that happens use common sense. The guy basically "proved" what was already known, X11 is insecure in some aspects and that cannot be fixed without switching to another display server, therefore all packaging systems/applications are inherently vulnerable because of access to X11. That is not the fault of snaps in this case, but of X11. Wayland and Mir will solve these issues.
Last edited by Cerberus; 22 April 2016, 07:05 AM.
- Likes 5
-
Originally posted by You-
In the future, could the use of Xwayland/Xmir be used for these sandboxed applications in order to gain the necessary security?
Each sandbox/application could have its own x-server so there would be no leakage of data between sandboxes.
-
Originally posted by phoron
Is my intuition wrong and out of date?
Joe sixpack will lap these new packages up, as it will enable Ubuntu to have the latest Firefox, Chrome, Steam, etc. on release day. But the security and the stability of these packages hinge on the ability of the Snap builder to maintain the Snaps in a responsible way.
In the future there may be another problem, since Snaps are self-contained and only minimally need OS services, Ubuntu might find themselves in the same position as MS in a few years. Old, crummy (and potentially insecure) software from a bygone decade still running on a more modern OS.
A repository based distro with shared dependencies doesn't have that problem. Stale software (e.g. abandoned proprietary software) eventually falls by the wayside as its dependencies are no longer provided.
- Likes 2
-
Originally posted by Passso
Not. Basically because Google Play only allows the software's installation from its trusted servers. After that the low level functions are not available from the API (unless you root your phone) so that harmful scripting is very very limited.
btw, Android has a checkbox allowing installation from anywhere