Daniel Micay, GRAPHENE OS LEAD DEV, talking about Linux Desktop:
The userspace Linux desktop software stack is far worse relative to the others. Security and privacy are such low priorities. It's really a complete joke and it's hard to even choose where to start in terms of explaining how bad it is. There's almost a complete disregard for sandboxing / privilege separation / permission models, exploit mitigations, memory safe languages (lots of cultural obsession with using memory unsafe C everywhere), etc. and there isn't even much effort put into finding and fixing the bugs. Look at something like Debian where software versions are totally frozen and only a tiny subset of security fixes receiving CVEs are backported, the deployment of even the legacy exploit mitigations from 2 decades ago is terrible and work on systems integration level security features like verified boot, full system MAC policies, etc. is near non-existent. That's what passes as secure though when it's the opposite. When people tell you that Debian is secure, it's like someone trying to claim that Windows XP with partial security updates (via their extended support) would be secure. It's just not based in any kind of reality with any actual reasoning / thought behind it.
Really, people just like saying that their preferred software stack is secure, or that open source software is secure, when in reality it's not the case. Desktop Linux is falling further and further behind in nearly all of these areas. The work to try catching up like Flatpak is extremely flawed and is a failure from day 1 by not actually aiming to achieve meaningful goals with a proper threat model. There's little attempt to learn from other platforms doing much better and to adopt their privacy and security features to catch up. It's a decade behind at this point, and falling further behind.
https://www.reddit.com/r/GrapheneOS/comments/bddq5u/os_security_ios_vs_grapheneos_vs_stock_android/
"BUT BUT MY LINUX IS HARDENED"
Madaidans, Dev for WHONIX
It's a common assumption that the issues within the security model of desktop Linux are only "by default" and can be tweaked how the user wishes; however, standard system hardening techniques are not enough to fix any of these massive, architectural security issues. Restricting a few minor things is not going to fix this. Likewise, a few common security features distributions deploy by default are also not going to fix this. Just because your distribution enables a MAC framework without creating a strict policy and still running most processes unconfined, does not mean you can escape from these issues. The hardening required for a reasonably secure Linux distribution is far greater than people assume. You would need to completely redesign how the operating system functions and implement full system MAC policies, full verified boot (not just for the kernel but the entire base system), a strong sandboxing architecture, a hardened kernel, widespread use of modern exploit mitigations and plenty more. Even then, your efforts will still be limited by the incompatibility with the rest of the desktop Linux ecosystem and the general disregard that most have for security. -
https://madaidans-insecurities.github.io/linux.html#hardening
>muh mandatory access control
https://www.mail-archive.com/[email protected]/msg44886.html
though doesn't pledge and unveil accomplish something similar?
pledge(2) is just seccomp (not MAC)
unveil(2) is sort of like apparmor, but really it is closer to a simple chroot.
There is an important difference between a chroot for sandboxing and MAC - which is alluded to in Theo's email.
With MAC, the sysadmin can brick their system and even root can get screwed.
With simple chroot-like sandboxing, the root user always has the ability to break out and have full control - and Theo argues that is indeed, a good thing.
NuSec Soidevs think its le heckin unsafe for le root to be super powerful
Linux is a kernel. And all of internet and our general infrastructure runs on Linux.
Seems secure enough to me.
Yes but they do everything to get rid of
GrapheneOS totally isolates the kernel
GrapheneOS also has longer term goals involving moving away from the Linux kernel to a microkernel with a Linux compatibility layer
>microkernel
BAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAHAH
So the man who would benefit from making normal linux sound insecure is saying normal linux is insecure? Just checking.
yep and those routers and IoT botnets exploits are because of troonix
It's never Linux that's exploited but the trashware IoT garbage that runs on top of it ..
>devs for irrelevant toy projects
Linus Torvalds was always right about security people.
>toy projects
so you mean Linux?
Isn't that the nutjob who thinks another Android ROM creator is riling neonazis up against him to kill him?
Not just another Android ROM dev. Most of the tech YouTubers who talk about him too. Rossmann, and Techlore IIRC.
I was writing into memory the other day and segfaulted out of nowhere. There appeared to be a memory hole at the page boundary just above where my program data had been loaded into memory, even though the system memory break was set to an address far beyond it. What gives?
THE WHOLE WORLD USES IT FOR SENSITIVE THINGS
>claims security nightmare
filtered, homosexual, kys, /thread.
Should I trust a random man like you or Daniel Micay or Madaidans who are cybersecurity researchers?
You just don't know what you are talking about
Anyone who thinks this means jack shit has never met a "cybersecurity researcher" themselves. Most of them are complete midwits.
I googled "how to remove virus from computer" once. That technically makes me a cybersecurity researcher.
Micay is genuinely schizo, but he's right this once. But people solve it by only running trusted code to start with; for morons, there's SELinux.
>people solve it by only running trusted code to start with
You might be on to something. If you use Windows, Mac then you're running Microsoft, Apple code. You are never sure if that code is secure or not, or whatever services it runs in the background and the vulnerabilities that could bring. Funny how those security schizos never point this out.
>THE WHOLE WORLD USES IT FOR SENSITIVE THINGS
The whole world uses the user space Linux desktop?
Yes, there are security vulnerabilities in GNU/Linux distributions. I don't think anyone ever thought otherwise. No software is perfect in this regard, but GNU/Linux does a good enough job for many important systems.
Stop being sane
freedom is more important than security
all devices should be rooted
You are not free if you are not secured you golem
Yes if you voluntarily run malicious code on Linux you are fricked. Don't do that and you are fine
meanwhile linux trannies are curling | bashing script of the internet
>he thinks I would do that without reading the script first
can't remember the last time I did that.
fedora kinoite/silverblue should be enough: MAC with selinux enforced, read only system, secure boot and flatpak by default. if flathub let developers upload and sign software with their own key i don't see any other problems. why are they complaining so bad? solutions exist.
Flatpak aims to sandbox applications, but its sandboxing is very flawed. It fully trusts the applications and allows them to specify their own policy. This means that security is effectively optional and applications can simply choose not to be sufficiently sandboxed.
Flatpak's permissions are also far too broad to be meaningful. For example, many applications come with the filesystem=home or filesystem=host permissions, which grant read-write access to the user's home directory, giving access to all of your personal files and allowing trivial sandbox escapes via writing to ~/.bashrc or similar.
In the Flathub Github organisation, ~550 applications come with such permissions, which is ~30% of all repositories. While this percentage may not seem significant, it includes a considerable amount of applications that people will commonly use. Examples of such include GIMP, Eog, Gedit, VLC, Krita, LibreOffice, Audacity, VSCode, Dropbox, Transmission, Skype and countless others.
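An added example, not part of the thread or of any quoted author's code: a small Python audit of the `filesystems=` key in Flatpak metadata for the `home`/`host` grants the post above describes. The app IDs and metadata samples are constructed; real metadata can be printed with `flatpak info --show-metadata <app-id>`.

```python
import configparser

# Grants the quoted text singles out: each exposes the user's home directory.
BROAD = {"home", "host"}
MODES = {"ro", "rw", "create"}

def parse_filesystems(metadata_text):
    """Return (name, mode) pairs from the [Context] filesystems= key."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(metadata_text)
    raw = cp.get("Context", "filesystems", fallback="")
    grants = []
    for token in (t.strip() for t in raw.split(";")):
        if not token or token.startswith("!"):  # "!" entries revoke access
            continue
        name, sep, mode = token.rpartition(":")
        if not sep or mode not in MODES:        # no suffix means read-write
            name, mode = token, "rw"
        grants.append((name, mode))
    return grants

def audit(metadata_text):
    """List home/host grants and whether they allow writing to $HOME."""
    return [
        {"grant": name, "mode": mode, "home_writable": mode != "ro"}
        for name, mode in parse_filesystems(metadata_text)
        if name in BROAD
    ]

# Constructed sample metadata for hypothetical app IDs (not real Flathub apps).
SAMPLES = {
    "org.example.Editor": "[Application]\nname=org.example.Editor\n\n"
                          "[Context]\nshared=network;ipc;\nfilesystems=host;\n",
    "org.example.Viewer": "[Application]\nname=org.example.Viewer\n\n"
                          "[Context]\nfilesystems=home:ro;xdg-download;\n",
    "org.example.Calc":   "[Application]\nname=org.example.Calc\n\n"
                          "[Context]\nsockets=wayland;\n",
}

def audit_all(samples):
    """Map each app ID to its findings, dropping apps with none."""
    report = {app: audit(text) for app, text in samples.items()}
    return {app: f for app, f in report.items() if f}

if __name__ == "__main__":
    for app, findings in audit_all(SAMPLES).items():
        for f in findings:
            risk = "read-write" if f["home_writable"] else "read-only"
            print(f"{app}: filesystems={f['grant']} ({risk} access to home)")
```

A flagged grant can be dropped for one app with `flatpak override --user --nofilesystem=home <app-id>`.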
This all doesn't seem to make sense since if you're that paranoid you know that all you need to do is restrict access from host and home and whatever else you want from a flatpak permission manager like flatseal or straight from commandline flatpak to all flatpaks. Or better yet, only run trusted software
Thanks paGeetPT
>It fully trusts the applications and allows them to specify their own policy.
Yes? Literally that's how it all works.
Maybe you prefer big daddy corpo assigning rights they deem sufficient for each app?
>Applications that need access to your files to open/save them (like vlc) come with that permission.
More news at 11.
>muh "security" codetroon babble
I will literally never get a virus on linux, nor will I ever get hacked
On windows I could've
On linux literally 0 chance
dilate
Linux is a desktop kernel, you don't need that much security.
Securitytroons are funded by hardware companies to massively overstate the impact of exploits, to justify mitigations which are really done to get people to buy new parts.
>mitigations=off
Fantastic write-up, here's the problem: I will not have security used against me to restrict my freedom to use my device as I wish. When choosing between security and freedom I will ALWAYS choose freedom, every time. Give me liberty or give me death. Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety. yada yada. My car's locks don't work and it hasn't been broken into yet, security exploits are rarely actually exploited in the wild.
=off
based, improves my computer under synthetic loads by 11%, huge!
>based, improves my computer under synthetic loads by 11%, huge!
More like ~30% under real workloads.
Exactly. I also happen to think that if someone is capable enough to exploit software, let them! I would rather get to know someone who enjoys escalating their privileges, than someone who enjoys restricting others.
also just unplug the internet cable
Depends on the CPU. Newer AMD CPUs can actually run slightly faster with mitigations because they're designed with them in mind.
>nooooo desktop linux should be locked down even further and made like ios
This guy seems to not know much about what he is saying, judging from this. He says he doesn't even know where to start, but the problems he talks about are not even that bad; it's always "it's not 100% security fixes, only 80%!!" or "not much effort put into fixing bugs!!" or "not memory safe language recently developed!!!"
He doesn't even mention that on Windows, once you download some program it can do whatever it wants without you even noticing it: it can start downloading/uploading things, it can scan files, etc. On Linux it can do that too, but at least the majority of software is open source so you can actually see what it does.
Permission management like Flatpak is great but not the most secure thing. What does it matter if the app can't run without camera privileges? You will turn them ON. It's great because you can turn them off, but it's not the most important thing, if you understand me.
Doesn't matter because all the viable alternatives are a billion times worse security nightmares
No. He is specifically talking about the linux userspace. Unironically, Windows and Macos is technically more secure as a desktop. Just don't voluntarily install malware on it.
False information
I know it's a tough pill to swallow, anon. Leunuchs has become a disaster on all fronts, it's time to rethink the redditor propaganda you've been fed for years.
>Just don't voluntarily install malware on it.
So how 99% of malware works? You absolute fricking moron
Try connecting Windows XP to the internet.
You don't have a single clue on how computers work.
I do.
Anon, the fact you open a website and download everything is unavoidable.
You could protect yourself by not visiting weird websites, although you could not be sure any russo*d compromised that website.
This is only a matter for people with jobs. If you're a NEET relax, no one cares.
>https://www.reddit.com/r/GrapheneOS/comments/bddq5u/os_security_ios_vs_grapheneos_vs_stock_android/
>5 years ago
>the assumption of the thread is linux will never and has never improved securitywise in the past 5 years
nothing has changed. frick off Black person
honestly, I think the schizo is right.
kinda odd, though... he worked in the security team of Arch Linux. so I wonder, why didn't he help with that when he could?
Instead of posting on social media, go out and do better zoom zoom.
NSA thread
Linux is used by governments for things like hosting healthcare databases. Intelligence agencies use it too.
It's just used differently, you only install trusted code and behind many firewalls.
Rust troony
Linux isn't perfect but things have not stayed the same.
- AppArmor
- SELinux
- Capabilities
- Extended Access Control Lists
those all existed when the post was written. nothing has changed, they haven't been implemented in practice
Ever noticed how they always bring up the threat model discussion whenever someone asks for or provides serious privacy and anonymity advice and they try to persuade us to lower our expectations and use less private tools, but never the other way around?
I have yet to see a single thread where someone with a low threat model is told that their threat model doesn't make sense and that they should try to put some effort into avoiding NSA/feds/actual adversaries and not just "surveillance capitalism".
This is a psyop to make us stop caring about avoiding actual surveillance.
Stop threat modeling. Always try to achieve the best possible privacy and anonymity.
>Always try to achieve the best possible privacy and anonymity
>he says, on a cloudflare using website, on the internet
Android and other phone OS security model is designed to protect dumb users from themselves.
If Linux ever adopts that nanny OS model, I'll switch to BSD.
>BSD
https://www.openbsd.org/security.html
https://www.openbsd.org/innovations.html
That's security done right.
Keep code secure and don't run unnecessary crap vs Android's run a frick ton of unnecessary insecure shit but it's okay because of extra layers of sandboxing.
amen
i secure my phone and disks so i can easily throw them into any recycling dump, without having to worry about dumpster divers stealing my data.
so grapheneos and disk encryption works great for that.
worrying about security and isolation of linux desktop apps is a waste of time, it will never be fixed.
if the mossad wants to steal my 500 episodes of naruto through git repo attack that bleeds into arch, well then they can have my naruto.
Don't care
Still loving Japan and using GNU/Linux in my country
>Daniel Micay
total schizo, not reading any more. he stole most of GrapheneOS from CalyxOS. Louis Rossman was right about Daniel
>[e-celeb fud]
Securitygays are part of the glowBlack person agenda to tivoize gnu/linux with remote attestation through the TPM botnet and systemd.
https://0pointer.net/blog/fitting-everything-together.html
Real security comes from not running garbage code while connected to the internet. Not from shoving IBM funded jeetery down everyone's throats and then wrapping it in insecure sandboxes made by people who use security as an excuse to attack old software. No CPU mitigation, kernel subsystem or desktop security meme like reproducible immutable flatpak wayland distros is going to make the slightest difference in the number of CVEs found in the kernel or IBMHat's cancerous software. IBM bought red hat to supercharge their effort to turn linux into a locked down windows enterprise and server competitor.
>https://0pointer.net/blog/fitting-everything-together.html
The Linux desktop is getting worse, not better. The people working on it don't care about the same things as normal users.
Skill issue. Just roll your own.
This. And there's zero evidence any ~~*software bugs*~~ even exist, it's the same shit gays who go around talking about things they know nothing about. The TPM was designed to enslave users, there's no proof any security password keys or whatever made up bullshit work or exist.
FRICK OFF WITH YOUR SHITTY SAND BOXING ON A DESKTOP OS
GET A FRICKING LIFE Black person
Look, chuds, it's for the best you just use the Windows operating system that comes with the computer you bought. It's for your own good.
it's true
the only thing that saves linux is that no one uses it so no one cares
linux does something grapheneos seems like it can't do - make a decently viable alternative to the proprietary OSes it replaces for most users
Linux has always been a nightmare. I use it because it works well enough, and the popular alternatives are akin to raw sewage.
Don't care + didn't ask + not using your spyware OS + ywnba real programmer you will always be a subhuman streetshitter + I'll eat a juicy steak tonight just to piss you off
streetshitters use android though
source ?
I finally switched to Linux when Windows couldn't even open Calculator anymore because of... who the frick knows??
I am using Linux (Fedora) as well and i prefer it
But it would be good if we get more security
>because of...
user is clearly moronic that's why
>caring about security on the desktop
Are you moronic, a pedophile or schizophrenic?
Why ?
>reddit
>Madaidans
into the trash
Maybe if all the "Linux security researchers" weren't total schizoid autists that can't work with anyone without sperging out, taking their ball, and going home we wouldn't be in such a situation.
Please red pill me again,
Why the frick should we be caring about what a google botnet software dev says about linux.
This obsession with sandboxing, process isolation, flatpak, and memory safe languages is the most cringed cucked shit I've ever seen in my life.
Agreed. I don't want to have to click through a bunch of "allow x permission" dialogs like an iToddler to use my computer. If I install something, then I trust it with access to my computer. If I don't trust something, I don't install it.
this guy is a literal schizo, but it's funny how he shills macs over openbsd. If you read his other posts in the thread he talks about openbsd not being secure either.
madaidan says the same thing about openbsd, he used to have a page detailing why it wasn't secure but it was deleted
they both have the same approach to OS security
Reminder that what is "theoretically more secure" doesn't matter. In practice, Windows was, is, and will always be significantly more insecure than Linux.
I think a firewall is sufficient.
>mitigations = off
Cry more.
true my linux computer isn't the most secure but it's more performant than windows!