Fedora 37 Looks To Make pkexec Optional For Improved Security

    Phoronix: Fedora 37 Looks To Make pkexec Optional For Improved Security

    Following the nasty local privilege escalation vulnerability that was disclosed last month for Polkit's pkexec, Fedora developers are hoping to make pkexec optional later this year with Fedora 37...


  • #2
    This is where OpenBSD shines by splitting programs into different parts and using pledge and unveil system calls to restrict the subprocesses. I've written numerous papers on the subject as part of my master's degree. Only thing that keeps me from using OpenBSD as a daily driver is a few little things like gaming, but the day grows closer every 6 months with a new release that I will eventually be daily driving OpenBSD.



    • #3
      Originally posted by kylew77
      Only thing that keeps me from using OpenBSD as a daily driver is a few little things like gaming, but the day grows closer every 6 months with a new release that I will eventually be daily driving OpenBSD.
      Agreed. I made the switch a long while back and although Linux has many great things, I have never been fully tempted back.

      As for games, Steam's DRM service, which I won't engage with, has pretty much killed them for me anyway. Some larger ones for OpenBSD that are quite fun are:

      Digital preservation of Half-Life. Contribute to osen/openhl development by creating an account on GitHub.


      Doom 3 GPL source release adapted to OpenBSD. Contribute to jonathangray/doom3-openbsd development by creating an account on GitHub.



      • #4
        Originally posted by kylew77
        This is where OpenBSD shines by splitting programs into different parts and using pledge and unveil system calls to restrict the subprocesses. I've written numerous papers on the subject as part of my master's degree. Only thing that keeps me from using OpenBSD as a daily driver is a few little things like gaming, but the day grows closer every 6 months with a new release that I will eventually be daily driving OpenBSD.
        Can you expand more on this topic? What is pledge/unveil?



        • #5
          Originally posted by mdedetrich

          Can you expand more on this topic? What is pledge/unveil?
          https://lwn.net/Articles/767137/ and the closest Linux equivalent now is Landlock, refer to https://lwn.net/Articles/859908/, and seccomp etc. has been used to achieve similar privilege separation.

          Comment
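
As an added illustration of the model discussed in posts #2 to #5 (not code from any poster or from the linked LWN articles), this C example confines a forked worker with the Linux seccomp filter that #5 mentions, in the spirit of a narrow pledge promise: after `confine()` the worker can only read, write and exit. The names `ALLOW`, `confine` and `run_worker`, the byte-counting task and the `/etc/hostname` probe path are assumptions made for the example.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <signal.h>
#include <stddef.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)
/* Allow only read, write and exit; any other syscall kills the caller.
 * Kept short: a production filter also checks seccomp_data.arch first. */
static int confine(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(SYS_read), ALLOW(SYS_write), ALLOW(SYS_exit), ALLOW(SYS_exit_group),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1; /* setuid exec gains nothing */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Hypothetical helper: a forked worker counts the bytes it is sent.
 * Returns the count, -1 on setup failure, -2 if the kernel killed the worker. */
long run_worker(const char *input, size_t len, int misbehave) {
    int in[2], out[2], status = 0; long total = -1;
    if (pipe(in) || pipe(out)) return -1;
    signal(SIGPIPE, SIG_IGN);   /* the worker may die before we finish writing */
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {             /* worker: confine first, only then touch input */
        char buf[256]; long n, sum = 0;
        close(in[1]); close(out[0]);
        if (confine()) _exit(2);
        if (misbehave && open("/etc/hostname", O_RDONLY) >= 0) _exit(3); /* filtered */
        while ((n = read(in[0], buf, sizeof buf)) > 0) sum += n;
        _exit(write(out[1], &sum, sizeof sum) == (ssize_t)sizeof sum ? 0 : 4);
    }
    close(in[0]); close(out[1]);
    if (write(in[1], input, len) < 0) total = -1;   /* EPIPE: worker already dead */
    close(in[1]);
    ssize_t got = read(out[0], &total, sizeof total);
    close(out[0]); waitpid(pid, &status, 0);
    if (WIFSIGNALED(status)) return -2;
    return got == (ssize_t)sizeof total && WIFEXITED(status) && !WEXITSTATUS(status) ? total : -1;
}
int main(void) { return !(run_worker("hello", 5, 0) == 5 && run_worker("x", 1, 1) == -2); }
```

The second call shows the enforcement side: the worker's attempt to open a file after confinement ends with the kernel killing it, and the parent sees that as a signal exit rather than a result.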


          • #6
            Originally posted by kylew77
            This is where OpenBSD shines by splitting programs into different parts and using pledge and unveil system calls to restrict the subprocesses. I've written numerous papers on the subject as part of my master's degree.
            The fact that you are unaware of Linux counterparts doesn't mean that they don't exist, it only means lack of education on your part.



            • #7
              Originally posted by pal666
              The fact that you are unaware of Linux counterparts doesn't mean that they don't exist, it only means lack of education on your part.
              I think the point is that Linux counterparts exist, but they are terrible in comparison either because they are so convoluted that most developers don't bother using them (which from a security standpoint is failure) or the security is being applied by the wrong party.

              Lately Linux seems to be just copying security mechanisms from the BSDs, basically because the implementation is both simple and also solves the problem.



              • #8
                Originally posted by mdedetrich

                I think the point is that Linux counterparts exist, but they are terrible in comparison either because they are so convoluted that most developers don't bother using them (which from a security standpoint is failure) or the security is being applied by the wrong party.

                Lately Linux seems to be just copying security mechanisms from the BSDs, basically because the implementation is both simple and also solves the problem.
                Not to mention one set of distros will use AppArmor, others SELinux, there are umpteen different sandbox methods with different levels of support...

                They say there is more than one way to skin a cat. Somewhere around learning way 27 is when I decided to pick one way and stick with it.



                • #9
                  Originally posted by kpedersen

                  Agreed. I made the switch a long while back and although Linux has many great things, I have never been fully tempted back.

                  As for games, Steam's DRM service, which I won't engage with, has pretty much killed them for me anyway. Some larger ones for OpenBSD that are quite fun are:

                  Digital preservation of Half-Life. Contribute to osen/openhl development by creating an account on GitHub.


                  https://github.com/jonathangray/doom3-openbsd
                  I don't mind the DRM as much as I mind the 30% Steam Tax.



                  • #10
                    Originally posted by skeevy420

                    I don't mind the DRM as much as I mind the 30% Steam Tax.
                    • 30% Steam tax makes it needlessly expensive
                    • Steam DRM makes it so you are effectively only renting games

                    Together... nah, no thanks.
