Announcement

Collapse
No announcement yet.

Fedora 35 To Support Restarting User Services On Package Upgrades

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by kreijack View Post

    . What I mean is that a sandboxed app is:
    - not useful if it can't access to the user files
    or
    - not really secure if it can access the user files
    Not quite. It is not simply whether you want to access to user files or not at a broad level. Sandboxing allows you to select specific files that are made available while restricting access to the rest on a per application level and that limits the surface area of application vulnerabilities heavily.

    Comment


    • #22
      Originally posted by uid313 View Post
      The problem with .deb and .rpm is that they're not sandboxed and are free to do anything.
      On Android, iOS and Universal Windows Platform (UWP) the applications have to ask permissions that you can allow deny.

      With RPM an application can access your webcamera, access your location, access the network, access Bluetooth, etc.

      With Snap and Flatpak you can sandbox applications, but I believe that each Snap gets mounted at system boot time hence adds time to the startup time of the system.
      You can have a try of firejail which is capable of sandboxing any program installed on your computer (including the ones that are manually installed).

      Comment


      • #23
        Originally posted by uid313 View Post
        The problem with .deb and .rpm is that they're not sandboxed and are free to do anything.
        On Android, iOS and Universal Windows Platform (UWP) the applications have to ask permissions that you can allow deny.
        Meh, I fail to see the problem. Android, iOS, and UWP use the App Store model, whereby 3rd party publishers produce the content. The App Store curator only does a cursory check to make sure the app is not overtly malicious, it's a constant effort to weed out malware and scams, and even then they fail at it pretty regularly.

        With Fedora (I assume Debian is similar), it is the distro that does the compiling and packaging of the software. The distro has a lot more technical ownership than in the App Store model. Fedora RPM repo is a white list of known good packages, vs. App Store which tries to black-list known bad packages as they are identified. When it comes to security, the white-list model is always more secure.
        Last edited by torsionbar28; 16 August 2021, 11:21 PM.

        Comment


        • #24
          Originally posted by torsionbar28 View Post
          Meh, I fail to see the problem. Android, iOS, and UWP use the App Store model, whereby 3rd party publishers produce the content. The App Store curator only does a cursory check to make sure the app is not overtly malicious, it's a constant effort to weed out malware and scams, and even then they fail at it pretty regularly.

          With Fedora (I assume Debian is similar), it is the distro that does the compiling and packaging of the software. The distro has a lot more technical ownership than in the App Store model. Fedora RPM repo is a white list of known good packages, vs. App Store which tries to black-list known bad packages as they are identified. When it comes to security, the white-list model is always more secure.
          But I also download .deb packages from the internet and add third-party Personal Package Archives (PPA). I also download and run games packaged as .tar.gz and extract them and run the executable files inside.

          Comment


          • #25
            Originally posted by kreijack View Post

            Flatpack and/or Snap are a different model than the historic linux distribution

            The former model sandboxes each application from the others. It is good if you have a "store" which is not (don't want to be) responsible of the applications.
            Pro:
            - fast app update
            - is difficult that an application can damage the others
            Cons:
            - a lot of code is replicated (each 'app' brigs its own dependencies)
            - each application is not very integrated to the others
            - the security updates relies to the single app publisher, which has to be in charge not only of the app itself, but also of the dependencies too

            The latter model is based to a "community" voluntary based which integrate each packages with the system;
            Pro:
            - less code duplication
            - the dependencies are shared, so all packages benefit of a dependency update
            - each packages has an "independent" reviewer, the packager who is a different entity from the author
            - better security management: each packager is responsible only of its own package
            Cons:
            - slower update rate

            Pay attention that the packages which restart a service, typically are the ones which are not eligible to be sandboxed: a ssh server or a systemd-package are near to impossible to sandbox...

            Moreover, in the app model (look at the phones) the apps do access to the webcamer, my location.. etc. Instead a debian or a fedora packages even if they can access , they don'taccess to these resources. This due to the review process described above. This is the most important differences.

            Let me say it in another world: in the app model the sandboxing is needed because everyone (even bad person) can publish an app. You can't publish a debian (or a fedora) official package without be involved/checked by the packagers crew. This is a very strong filter. Look at many packages exist and how many security problemw exist.

            Obviously if you get a .rpm (or a .deb) package from a forum and install it without any check... it is likely that you will encounter problem :-)

            Anyway my bigger critics to the sandboxed app, is that the resource most important that has to be protected is not the webcam, but the user files. An app (even sandboxed) that can access the user files is a risk for these files: i.e. the app can share the files with other, or it can crypt the files... On the other side if you avoid the user files access to the sandboxed apps, these can't cooperate (think about to libreoffice that open a file download by the web browser...). What I mean is that a sandboxed app is:
            - not useful if it can't access to the user files
            or
            - not really secure if it can access the user files
            Sandboxed applications could be limited in scope to access /tmp and certain directories. Example a photo or image editor could be restricted to $HOME/Pictures, a video player or video editor could be restricted to $HOME/Videos and $HOME/Downloads, a music player or music maker could be restricted to $HOME/Music, an office application or text editor could be restricted to $HOME/Documents and $HOME/Downloads.

            It could also have a permission popup that asks the user, "Application Foo requests read-only access to /media/, do you wish to grant access"?

            Comment


            • #26
              Originally posted by uid313 View Post
              Sandboxed applications could be limited in scope to access /tmp and certain directories. Example a photo or image editor could be restricted to $HOME/Pictures, a video player or video editor could be restricted to $HOME/Videos and $HOME/Downloads, a music player or music maker could be restricted to $HOME/Music, an office application or text editor could be restricted to $HOME/Documents and $HOME/Downloads.
              The question is: WHY ? The Linux (and derivate) systems are capable of controlling access via access modifiers and acls. We are not on Windows where 99% of the people are logged in as Administrator.

              I recall perfectly when Apple announced sSandboxing and closing of their OS where plenty of Apple related sites have been filled up by people complaining that Apple "restricts" user access. Another example is that people always search an attempt to root or jailbreak their phones to get "full access" to the device. And on Linux people start creating exactly these mechanisms that people usually dont really want.

              Originally posted by uid313 View Post
              It could also have a permission popup that asks the user, "Application Foo requests read-only access to /media/, do you wish to grant access"?
              Please also implement all these requesters like on Windows where you are asked half a dozen of times whether you want to really delete a file or not. Its exactly all this nonsense that drove me away from Windows - 30 years ago.

              Comment


              • #27
                Originally posted by Candy View Post
                The question is: WHY ? The Linux (and derivate) systems are capable of controlling access via access modifiers and acls. We are not on Windows where 99% of the people are logged in as Administrator.
                As far as I know, Linux doesn't even have advanced ACLs, just the basic POSIX ACLs which are user:group:world in rwx, like rwxrwxrwx.
                Also, I wouldn't kmow how to setup ACLs for each application.

                On other platforms it is easy, where the user gets prompted for permissions.

                Originally posted by Candy View Post
                I recall perfectly when Apple announced sSandboxing and closing of their OS where plenty of Apple related sites have been filled up by people complaining that Apple "restricts" user access. Another example is that people always search an attempt to root or jailbreak their phones to get "full access" to the device. And on Linux people start creating exactly these mechanisms that people usually dont really want.
                The problem with Apple is not that they sandbox applications, that is a good thing, as do Android, the thing people have issue with is that Apple locked down their platform into a walled garden where the user lacks control and cannot install anything that is not in the App Store.

                Originally posted by Candy View Post
                Please also implement all these requesters like on Windows where you are asked half a dozen of times whether you want to really delete a file or not. Its exactly all this nonsense that drove me away from Windows - 30 years ago.
                On Windows you don't get asked half a dozen times if you really want to delete a file, or any other questions half a dozen times. Yes, the UAC in Windows Vista asked a lot, but that was back then, I believe Windows 10 generally asks less than Linux.

                Also for permissions, its not ask all the time, its just ask the first time you run the application, unless you only grant it a temporary one-time permission in which case you would need to grant it again the next time. Or you can have apps get all permissions granted at install, then have no questions asked from the user and the app have access unless the user goes into the permission manager and explicitly revokes a permission.

                Comment


                • #28
                  Originally posted by uid313 View Post
                  On other platforms it is easy ...
                  You are clearly using the wrong platform then.

                  Comment


                  • #29
                    Originally posted by andyprough View Post
                    Fedora stealthily climbing up out of the grave, dragging rpm and systemd along like a dog dragging the lightpost he was chained to down the street.

                    This is called "progress". After 18 years in existence, users won't have to restart the entire computer after every simple update.
                    zypper ps shows, for years now, which services/apps have been updated (including the library) and it even tells you after the zypper up if you should reboot or not. and it's in there for years now

                    Comment


                    • #30
                      Originally posted by szymon_g View Post

                      zypper ps shows, for years now, which services/apps have been updated (including the library) and it even tells you after the zypper up if you should reboot or not. and it's in there for years now
                      Sure, that's no different from the equivalent functionality in yum/dnf

                      Comment

                      Working...
                      X