Developments in Linux security

dyscoria · 2010-12-03 14:39:05

Chrome to run Flash Player in sandbox
Something like this has been long overdue. I'm glad to see Google and other projects working on browser security, which is a key and common vector through which security can be compromised. Mozilla is also working on the Electrolysis project for the Firefox browser but I'm not sure how far along this project is. Looks like it is only really being implemented for Fennec so far.

I currently run flashplayer only within a qemu/kvm session, which in turn (along with the rest of the host OS) is locked down with TOMOYO Linux (mandatory access control). Some call me unreasonably paranoid With some common sense, it's not entirely implausable to completely avoid being compromised. I would probably be fine without these measures, but security is more of a hobby of mine rather than an OCD. But of course you can never be too sure.

This web document, detailing the system hardening plans that the Chromium OS project has in place, is a very interesting read.

Running X as non-root is something that is also on the (hopefully not too distant) horizon. The whole idea of running X as root with the remote capabilities now seems like a severely conflated design (a concept discussed during a recent series on LWN.net). Buffer overflows are also being dealt with by changing compile flags and the NX bit (and NX bit emulation for x86 computers without it), and ASLR/PIE may become standard for distributions. Linux security is improving yet further from an already pretty secure base

Without this converging into MS vs Linux, Chromium vs Firefox, or X.org vs Wayland, I just wanted to get some discussions about security going. Who on Arch Linux has had security compromised? Or while using a different OS? Who uses a MAC implementations on Arch? Any paranoid users? Any security hobbyists? I take all these measure to defend myself, but have never in fact known of a time where these defences have prevented some compromise of security, even on Windows!

Last edited by dyscoria (2010-12-03 14:58:41)

TheCox · 2010-12-04 15:11:29

I just stick to basic security measures at home: firewall, good passwords, don't run things as root, etc. I encrypt my hard drive on my laptop, and I might take an extra step or two at work so I don't get fired (selinux, ssl keys, etc).

I have yet to see a *nix computer compromised, so it's not worth the time for me to take any further security measures on my desktop. I think most Linux users feel the same way, so any developments in security will need to be transparent to the user to see widespread adoption.

dyscoria · 2010-12-05 17:41:37

Yes that's true. Most users don't want to go out of there way too much to ensure security. This is why I like what Google are doing with Chrome/Chromium. Browsers have been a security risk since the beginning of time, and even worse when Flash came along and became standard (damn you Adobe!).

Fedora did well with SELinux as well (eventually) to be able to get things to work without too much (ideally none at all) user interaction. I think when it was first introduced, the first thing most guides told people to do was disable SELinux. But I think that is no longer the case.

Having said that, thorough security measures always require work from the user. Non-root X and sandboxed browsers are a good place to start though.

Last edited by dyscoria (2010-12-05 17:42:15)

Arch Linux

#1 2010-12-03 14:39:05

Developments in Linux security

#2 2010-12-04 15:11:29

Re: Developments in Linux security

#3 2010-12-05 17:41:37

Re: Developments in Linux security

Board footer