oss-sec mailing list archives
Re: major changes if gnu/linux dominates the desktop and/or mobile market?
From: Solar Designer <solar () openwall com>
Date: Tue, 9 Feb 2021 16:48:29 +0100
Hi, Here are a couple of updates on what was said in this thread earlier. Things started changing regarding home directory permissions on Ubuntu: https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2020-November/018842.html https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533 Alex Murray from Canonical proposed "that it is time we moved ahead and stopped creating home directories as world-readable on Ubuntu". Later he added: "since there was no opposition to this proposal, I have uploaded updated adduser and shadow packages to hirsute-proposed to support setting the mode of home directories to 750 by default when they are created via either adduser or useradd." On Mon, Oct 19, 2020 at 01:22:49PM +0200, Solar Designer wrote:
On 10/5/20 2:48 PM, Solar Designer wrote:Then there's the trend towards having a desktop-like Linux system on mobile devices again. Before Android, we had e.g. Maemo and MeeGo. Now we have e.g. Ubuntu Touch, postmarketOS, and Sailfish OS. As far as I'm aware, so far this means lack of isolation between the apps just like we have on the desktop.BTW, there's a Russian security-hardened fork of Sailfish OS called Aurora. I've skimmed and searched its user's manual (in Russian) for any mentions of isolation between the apps - found nothing, so I assume there's none. (This isn't to say they haven't implemented any security changes - I think they have. An interview I read with their CEO looked surprisingly reasonable. However, it appears that addressing cross-app attacks is completely out of their focus.)
The release notes for Sailfish OS 4.0.1 include this: "Contributions from Aurora OS [...] Security: Isolation of applications (a.k.a. application sandboxing) implemented for the platform (core) apps, based on Firejail app sandboxing." Alexander
Current thread:
- Re: major changes if gnu/linux dominates the desktop and/or mobile market? Solar Designer (Feb 09)