Linux is deeply flawed. No GUI isolation!

ArchNemesis

Hi, pleasure to be here. I have a 2-part question for you all:



So I heard that Linux has no GUI isolation!

In other words, each program can see the others. For example, if I have Firefox open with a malicious JavaScript website and a GUI password manager, that website can literally see what the end user sees as far as what entries are in the password manager.


The creator of Qubes posted like 10 years ago:
https://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html

Question 1) Is this still true 10 years later?

Question 2) I’ve read this is more true with X.org, and that Wayland is better. Does Wayland offer GUI isolation or is it the same?
 


That's a very old article and appears to be written by someone explaining the advantages of something they were working on. To my mind, they've turned the volume up quite high.

JavaScript sandboxes prevent the scenario you described. This is essential because other operating systems suffer from the same problem. As a result these issues with X11 have not appeared to be an issue in the wild.

The Wayland folk were concerned enough to do something about it; it took a while, but Wayland now has several implementations. Wayland is now used by default in many Linux desktops. But you still need to ensure your browser and password repository of choice run natively in Wayland and don't just run in XWayland. You still need to be able to share data between windows, media devices, etc., until you don't. The need to share may still open up a lot of unforeseen (probably non-browser-based) exploits.

There are heaps of non-X11 hardening one could do, such as running browsers in Xnest (a nested session), layering on capabilities, udev rules, containers, task-specific logins. Some distros are armoured-up out of the box. There are also distros focused on achieving the best security possible.
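
The advice above about making sure the browser and password manager do not fall back to XWayland can be checked from a process's environment. This is an added example, not part of the original post: `gui_exposure` and `audit_pids` are hypothetical helper names, the sample data is constructed, and the result is a heuristic, because the environment shows which display servers a process can reach rather than which one it connected to.

```shell
#!/bin/sh
# gui_exposure ENVIRON_FILE
# Reports which display servers a process could reach, judging only from its
# environment block (NUL-separated, the format of /proc/<pid>/environ).
#   wayland-only  no X server advertised to the process
#   wayland+x11   an X server (typically XWayland) is also reachable, so an
#                 X11 fallback shares a display with other X clients
#   x11-only      plain X11 session, no isolation between clients
#   no-display    neither variable set
gui_exposure() {
    env_file=$1
    [ -r "$env_file" ] || { echo "unreadable"; return 1; }
    # Turn the NUL-separated block into one VAR=value per line.
    vars=$(tr '\000' '\n' < "$env_file")
    x_display=$(printf '%s\n' "$vars" | sed -n 's/^DISPLAY=//p' | head -n 1)
    wl_display=$(printf '%s\n' "$vars" | sed -n 's/^WAYLAND_DISPLAY=//p' | head -n 1)
    if [ -n "$x_display" ] && [ -n "$wl_display" ]; then
        echo "wayland+x11"
    elif [ -n "$x_display" ]; then
        echo "x11-only"
    elif [ -n "$wl_display" ]; then
        echo "wayland-only"
    else
        echo "no-display"
    fi
}

# audit_pids PID...
# Prints "pid command exposure" for each PID the caller is allowed to inspect.
audit_pids() {
    for pid in "$@"; do
        label=$(gui_exposure "/proc/$pid/environ") || label="unreadable"
        name=$(cat "/proc/$pid/comm" 2>/dev/null || echo "?")
        echo "$pid $name $label"
    done
}

# Constructed sample: a browser started in a Wayland session where XWayland
# is also running, so both variables are present.
sample=$(mktemp)
printf 'HOME=/home/u\000DISPLAY=:0\000WAYLAND_DISPLAY=wayland-0\000' > "$sample"
echo "constructed sample: $(gui_exposure "$sample")"
rm -f "$sample"
```

On a live system, `audit_pids $(pgrep -u "$USER" firefox)` gives the same report for running processes owned by the current user.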
 
SELinux and AppArmor allow for processes, files and directories to be isolated. RHEL-based distributions use SELinux and Ubuntu-based distributions use AppArmor, which provides a layer of protection for applications.
 
Er - Hi guys - do Debian based distros qualify for discussion here..?
Well if it does..:)
I have been using an Ed Snowden - ex NSA; :mad: approved Debian based distro on a stick for past 5 years without any issues at all..
Have you guessed me yet.. ? ;) Am I deeply flawed...?
Snowden approved Qubes which launches a Whonix or Kicksecure Virtual machine. This isn't a "Linux distro" because the base is a Xen hypervisor. And even if Debian was the base, the VM provides the GUI isolation, not Linux
 
Although I think something like Firejail is actually designed for the isolation of gui applications.
Thanks for your reply. Do you know how Firejail is better or worse than bubblewrap? I heard bubblewrap is better as far as escape prevention, but didn't know firejail provides more GUI isolation?
 
but didn't know firejail provides more GUI isolation?

I should think this would be easily tested. Install firejail and then load an application in the jail. Then, use a color picker application. If it can read the colors, it's probably not fully GUI isolated.
 
Thanks for your reply. Do you know how Firejail is better or worse than bubblewrap? I heard bubblewrap is better as far as escape prevention, but didn't know firejail provides more GUI isolation?
In respect to GUI isolation, they appear to be similar; the ArchWiki advises that a solution such as Xephyr would be required for X11 on both Firejail and Bubblewrap.
So again, some type of nested X-server, or avoid X11 and use Wayland (potentially also with nested X-servers for non-Wayland GUI applications).
 
Thanks for your reply. Do you know how Firejail is better or worse than bubblewrap? I heard bubblewrap is better as far as escape prevention, but didn't know firejail provides more GUI isolation?
I have no idea, I have never heard of Bubblewrap but I have also never used Firejail. I do know that Firejail uses security features implemented by the kernel, but reading "Related project comparison: Firejail", it doesn't sound better or worse but just a different approach at it.
 
You can also have a look at QubesOS maybe it's something for you?
 
I should think this would be easily tested. Install firejail and then load an application in the jail. Then, use a color picker application. If it can read the colors, it's probably not fully GUI isolated.
If I put firefox in firejail with these restrictions:

Code:
firejail --seccomp --nonewprivs --private --private-tmp firefox

It can still share screen to visually see a KeePass XC password manager.
 
You can also have a look at QubesOS maybe it's something for you?
Yes I agree that Qubes OS is the answer to this problem. Qubes isn't a Linux distro though. My original post was asking "Is it true that Linux distros are deeply flawed?"
 
Amuses the hell out of me, this does. The number of folks that insist on needing to know the answer to "Is A better than B (for whatever reason, etc.)" is unreal.

And computer geeks are worse than most. What many don't realise about Linux is that there's no 'right' or 'wrong' approach to anything. Most implementations utilise existing tools within the eco-system; as stated above, no one approach is necessarily 'better' than any other approach.....but they're often 'approached' from a different angle.

The Unix/Linux philosophy was simple, right from the outset. "Do ONE thing.....but do it as well as you possibly CAN". And then you string a whole load of things together to achieve your end goal. The skill comes in just HOW those individual functions, utilities, whatever, are strung together. Some developers are just better at such stuff than others....


Mike. :)
 
If you don't feel like you're getting a straight answer to your question, maybe it's because the question is ambiguous.
Yes I agree that Qubes OS is the answer to this problem. Qubes isn't a Linux distro though. My original post was asking "Is it true that Linux distros are deeply flawed?"
What do you mean?
Is being deeply flawed part of the definition of a Linux distro? Or are all Linux distros deeply flawed by necessity? No
Are ALL Linux distros deeply flawed? No
Do there exist some Linux distros that are deeply flawed? I don't know. What is your definition of deeply flawed? What distinguishes 'flawed' from 'deeply flawed'? The existence of security vulnerabilities? Does the usability, use case, or operating environment of the system come into play? Can a particular vulnerability's risk be mitigated? How much effort is required to do that?
...and on
 
If I put firefox in firejail with these restrictions:

Code:
firejail --seccomp --nonewprivs --private --private-tmp firefox

It can still share screen to visually see a KeePass XC password manager.

Then it's safe to assume it isn't isolated. I don't know enough about jails, but read the man page to see if there's additional isolation.
 
Hi, pleasure to be here. I have a 2-part question for you all:



So I heard that Linux has no GUI isolation!

In other words, each program can see the others. For example, if I have Firefox open with a malicious JavaScript website and a GUI password manager, that website can literally see what the end user sees as far as what entries are in the password manager.


The creator of Qubes posted like 10 years ago:
https://theinvisiblethings.blogspot.com/2011/04/linux-security-circus-on-gui-isolation.html

Question 1) Is this still true 10 years later?

Question 2) I’ve read this is more true with X.org, and that Wayland is better. Does Wayland offer GUI isolation or is it the same?
Don't use a password manager.
Password managers ain't secure.


If you're really worried then install Firejail sandbox or any other sandbox.

Another option is to install Firefox Snap which is run from inside a container and supposedly nothing is able to get inside of the container.
 
Don't use a password manager.
Password managers ain't secure.
I am sorry, but these statements are very broad and lack context. I do not agree with them.

I use and recommend password managers as long as the password vault is stored only on the local computer. Used correctly, password managers offer a significant security benefit to the vast majority of people. It is my opinion that storing passwords in a commercially-provided vault on the internet is a poor security practice, even though it is common.
 
I am sorry, but these statements are very broad and lack context. I do not agree with them.

I use and recommend password managers as long as the password vault is stored only on the local computer. Used correctly, password managers offer a significant security benefit to the vast majority of people. It is my opinion that storing passwords in a commercially-provided vault on the internet is a poor security practice, even though it is common.
You don't have to agree and if you believe they are safe cool.

Seems quite a few password managers / password key savers have been compromised.

I've never needed to use one and never will need to use one.

I don't believe in leaving stuff like that stored "on the local computer".

Whatever works for you and you're comfortable with using, go for it; it doesn't matter what I think or anyone else thinks.

Opinions are like AHs everyone has one. ;)
 