Linux is deeply flawed. No GUI isolation!



I hate to differ with you but Qubes is based on Linux

"OS Type: Linux Based on: Fedora"
Hey kc1, I like your other posts on this forum and have no hard feelings.. so I disagree from a purely debate/idea perspective...

Qubes is based on a Xen hypervisor. The only reason the link you gave says "Fedora-based" is because by default the virtual machines that it creates are Fedora. But the user can change that. One could even use a Windows VM.

The point of distinguishing between a hypervisor making a Linux VM with native Linux, is to point out that Linux's main security model is flawed to the point that it needs virtual machines just to isolate applications. Now Google's Android (modified with Graphine OS to solve the corrupt surveillance issue) does solve this problem much better with a stronger sandbox. However, all the "Linux distros" don't adapt to this Bionic kernel model
 
Don't use a password manager.
Password managers ain't secure.


If you're really worried then install Firejail sandbox or any other sandbox.

Another option is to install Firefox Snap which is run from inside a container and supposedly nothing is able to get inside of the container.
I disagree with every point made.

1) lastpass is online & propritary. we're talking about offline. as opposed to what, you writing by hand long complex passwords?

2) Firejail doesn't isolate firefox as just demonstrated in this thread right before

3) Snap is a weak sandbox. Even weaker than firejail. Check out this quote from


"The sandboxing feature, a very important one indeed from a security standpoint, is flawed in that the sandboxing actually requires certain other core services to run (such as Mir) while applications running the X11 desktop won’t support the said isolation, hence making the said security feature irrelevant. Questionable press releases and other marketing efforts from Canonical and the “central” and closed app repository are also widely criticized aspects of Snappy."
 
That's a very old article and appears to be written by someone explaining the advantages of something they were working on. To my mind, they're turned the volume up quite high.

Javascript sandboxes prevent the scenario you described. This is essential because other operating systems suffer from the same problem. As a result these issues with X11 have not appeared to be an issue in the wild.

The Wayland folk were concerned enough to do something about it, it took a while, but Wayland now has several implementations. Wayland is now used by default in many Linux desktops. But you still need to ensure you browser and password-repository of choice runs native in wayland and doesn't just run in XWayland. You still need to be able to share data between windows, media-devices, etc, until you don't. The need to share may still open up a lot of unforseen (probably non-browser based) exploits.

There are heaps of non-X11 hardening one could do, such as runnings browsers in Xnest (a nested session), layering on capabilities, udev rules, containers, task specific logins. Some distro's are armoured-up out of the box. There are also disto's focused on achieving the best security possible.
Hey, so I setup a Fedora VM which has Wayland natively by default. I ensured Wayland was being used by command line.

With Wayland, I ran firefox and hit share screen on Jitsi chat... and it can still see the other windows.. for example a password manager.
 
Hey, so I setup a Fedora VM which has Wayland natively by default. I ensured Wayland was being used by command line.

With Wayland, I ran firefox and hit share screen on Jitsi chat... and it can still see the other windows.. for example a password manager.
Then you chose to share the entire screen because with Wayland you can choose which screen you want to share because you get a popup screen giving you a selection, if you want to share only a specific browser tab or application window.
356rqmqa4tx51.png

You might have forgotten one thing, with Firefox for Wayland screen-sharing you need to launch Firefox into Wayland mode by using an environment variable.
Code:
MOZ_ENABLE_WAYLAND=1 firefox

I suggest you start a thread in the Wayland development mailinglist and see if you get an answer there...

You still haven't answered @MattWinter 's question, what is your definition of flawed and deeply flawed? Also I've seen others screen-sharing in Windows and you can also see other applications in the Windows when screen-sharing, isn't that the point of screen-sharing. So Windows is not flawed or flawed or deeply flawed? Lastly you only reply to to disagree with people but don't actually come with solution, why don't you start your own Linux distribution project that offers a solution to the problem you are complaining about or join the Wayland developers to improve Wayland.

BSD has the same two display servers available to it X11 and Wayland as well, does that make the BSD's flawed or deeply flawed to you as well? I know BSD has jails but I don't know BSD so I don't know if those are only for services or also for GUI applications. Since MacOS is based on BSD most likely the same story but MacOS is a heavily customized version of a BSD, so MacOS must be flawed or deeply flawed as well?
 
Last edited:
I disagree with every point made.

1) lastpass is online & propritary. we're talking about offline. as opposed to what, you writing by hand long complex passwords?

2) Firejail doesn't isolate firefox as just demonstrated in this thread right before

3) Snap is a weak sandbox. Even weaker than firejail. Check out this quote from


"The sandboxing feature, a very important one indeed from a security standpoint, is flawed in that the sandboxing actually requires certain other core services to run (such as Mir) while applications running the X11 desktop won’t support the said isolation, hence making the said security feature irrelevant. Questionable press releases and other marketing efforts from Canonical and the “central” and closed app repository are also widely criticized aspects of Snappy."
Perhaps these will work for you. :p


 
Quite possibly, @Bartman has a particular phrase, which only he knows, and his passwords are made from this.
I am not about to ask him if that is the case....that would be none of my business.

I believe strongly, that this type of password/security is second to none.

Which quite likely puts him a few streets ahead of anything that the likes of lastpass can offer.

I further believe that @wizardfromoz uses the same approach

as opposed to what, you writing by hand long complex passwords? ....that is just below the belt, and totally unnecessary.



 
Ok Qubes is not linux in the traditional sense. If you truly believe Linux is deeply flawed you have the freedom to choose something else. One of the great things about open source is your not tied into any one particular case. Or you can choose to develope your own Distro that meets this need. Unlike Windows and some other OS that charge large amounts of money for their systems. Most of the Linux Devs donate their time and passion without much thanks. So You have choices maybe for your case Qubes is the answer or maybe another system. You have to make up your mind about that. If what you are saying is a real security risk report it to the Disto's bug reporting team and let them evaluate it. That helps move the discussion to where something can be done. But to argue here will not change things as most of us are already happy with Linux of one form or another.
 
Is this apropos to the discussion? I think it is -- just an opinion!
Don't ever quit. Never quit. Never show anybody you're hurt. Grin and walk through the cannon smoke. It will drive them up the wall. You always stay true to your own principles. You always believe in your gift. God doesn't make mistakes when he presents someone with a gift like that. It's there for a reason. Tell the naysayers, those who reject you, to drop dead! Who cares?
--James Lee Burke
 
Everybody is entitled to their opinions and I respect them. Having said that, I have seen several statements above about password security that demonstrate an incomplete understanding, or they are not what I consider "best practices." I am not going to engage in a point-by-point debate here, but I recommend that readers look outside this thread for password security advice.
 

Staff online


Top