Best Linux x11 DE

Hello,

It’s known that Wayland DEs (GNOME & KDE) must be chosen over X11 DEs;

Yet, among the X11 DEs (Xfce, LXQt, MATE…), is there one DE that offers additional security over the others?

Thanks,

Security wise, there is not a significant difference among X11 DEs.

The difference can be seen between X11 and Wayland itself, not the DEs. I wouldn’t place too much emphasis on DEs over an actual hardened configuration.

3 Likes

toward a Wayland DE?

@KevPham correct me if I’m not following you, but I think what you are trying to point out is that the focus on selecting a DE for security may not necessarily be a primary thing.

Applying certain settings/configurations such as kernel hardening, LUKS2, TPM2, AppArmor or SELinux, Secure Boot, a firewall, DNS mask, MAC randomization, fapolicyd, AIDE, auditing/monitoring SUID binaries and logs from your system, and adopting security practices such as updating the firmware of your system, running applications sandboxed, etc… should be the primary focus.

1 Like

He’s asking specifically about DEs

Yeah, I got that. I was trying to clarify what I think @KevPham was saying in the additional line.

OP’s question about DEs related to the security of X11 was already addressed in @KevPham’s first sentence and seems clear to me.

1 Like

None of them since they all use X11 anyways. The only ones that offer security over the others are the Wayland DEs that properly secure privileged Wayland protocols (so only GNOME and KDE), and even then GNOME is still ahead since it sandboxes thumbnailers and it was faster to implement permission controls.

But many of us don’t want to use GNOME because of performance or usability issues. If it’s the non-standard environment (most people come from Windows) that people have difficulty adjusting to, they have a choice: either they can use KDE or a less secure desktop environment which has always been slower to adopt security features, or they can install GNOME system extensions, which is like asking to get hacked.

X11 desktops aren’t secure and cannot be made secure, since you’re using X11, which doesn’t even implement GUI isolation and is a huge sandbox escapade. So as for which one to use (Xfce, LXQt, MATE…), just pick whichever one works for you, I guess. Some of these desktop environments might have experimental Wayland support.

4 Likes
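A way to check on your own machine what the post above warns about (an added example, not code from this thread or from any of the projects mentioned): it classifies the graphical session from the standard environment variables, and when an X server is reachable it counts the clients attached to it (which all share that server, Xwayland included) and reports whether xhost access control has been disabled. It assumes a POSIX shell; `xlsclients` and `xhost` are optional and the checks degrade gracefully without them.

```shell
#!/bin/sh
# Added example: audit the current graphical session for X11 exposure.
# Assumes a POSIX shell; xlsclients/xhost are used only if installed.

# classify_session TYPE WAYLAND_DISPLAY DISPLAY -> wayland | mixed | x11 | unknown
# TYPE is $XDG_SESSION_TYPE. "mixed" means a Wayland session that also exposes
# an X11 socket (Xwayland): X clients on it still share one unisolated X server.
classify_session() {
    type="$1"; wl="$2"; x="$3"
    case "$type" in
        wayland) if [ -n "$x" ]; then echo mixed; else echo wayland; fi ;;
        x11)     echo x11 ;;
        *)       if [ -n "$wl" ]; then echo wayland
                 elif [ -n "$x" ]; then echo x11
                 else echo unknown; fi ;;
    esac
}

# count_x_clients -> number of clients attached to $DISPLAY (0 if unavailable).
# Every client listed here can see the input and windows of the others.
count_x_clients() {
    if [ -n "${DISPLAY:-}" ] && command -v xlsclients >/dev/null 2>&1; then
        xlsclients 2>/dev/null | wc -l | tr -d ' '
    else
        echo 0
    fi
}

# xhost_open -> yes if X access control is disabled ("xhost +"), else no.
xhost_open() {
    if [ -n "${DISPLAY:-}" ] && command -v xhost >/dev/null 2>&1 \
       && xhost 2>/dev/null | grep -q '^access control disabled'; then
        echo yes
    else
        echo no
    fi
}

# audit_session: print a short verdict for the running session.
audit_session() {
    kind=$(classify_session "${XDG_SESSION_TYPE:-}" "${WAYLAND_DISPLAY:-}" "${DISPLAY:-}")
    echo "session: $kind"
    case "$kind" in
        x11)   echo "warning: X11 session, no GUI isolation between clients" ;;
        mixed) echo "note: Xwayland active, $(count_x_clients) X client(s) share one X server" ;;
    esac
    if [ "$(xhost_open)" = yes ]; then
        echo "warning: xhost access control is disabled, any client may connect"
    fi
    return 0
}

audit_session
```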

I’d first like to reiterate that you really should try to stick to a Wayland DE which secures privileged Wayland protocols. No X11 desktop is reasonably secure due to the complete lack of GUI isolation.

I remember there were discussions in the Kicksecure community where they mentioned that there are security and privacy concerns with GNOME (and KDE?) beyond Wayland. For various reasons including said concerns, they want to stick to minimal desktops. Kicksecure and Whonix use Xfce but I heard they may be switching to LXQt due to its more active development and quicker adoption of Wayland.

So if you had to use X11, you might be better off with the most minimal desktop. Xfce development seems to have slowed quite a bit, so I’m thinking LXQt might be the way to go. MATE is pretty minimal too but hasn’t come up in discussion as they’re also behind in Wayland adoption. It would therefore seem that KDE (X11), Pantheon, Cinnamon, Deepin, etc, might be the worst options in this regard, but to be honest I might be splitting hairs.

1 Like

Actually, can the enhancements offered by Kicksecure fix the lack of GUI isolation of X11 DEs (in this case Xfce), as well as their other drawbacks?

Unfortunately not; there is absolutely no isolation between programs running within the same X server. This issue currently exists for every X11 window manager. The only OS which has sort of mitigated this problem is QubesOS, not because they fixed X11 but because isolation can be provided by the Xen hypervisor. I’ve heard rumours that Xlibre (a fork of Xorg) is going to try to address this, but I’m doubtful as to whether that’ll actually materialize.

Which configuration do you think is best from a security viewpoint:

Debian + Wayland DE
OR
Debian + Kicksecure + X11 DE (Xfce)

(I’ve mentioned Debian because Kicksecure targets this distro)

It’s hard to say; there are pros and cons to both, and I’m not really qualified to say which is better overall. I’d encourage people to try to stick to PG recommended distros like Fedora Workstation or Secureblue. Workstation (or the KDE variant) should be usable for most users, and Secureblue appears to be the most secure option.

PG does mention Kicksecure, but it should only be considered if you require the use of a Debian-based distro for some reason. If I were in that camp and looking to maximize security, I’d look into using Kicksecure and swapping out Xfce for GNOME, KDE, or LXQt (Wayland). I assume they have documentation or forum posts discussing what downsides there could be to moving away from Xfce.

1 Like

So a perpetually outdated distro + a desktop with GUI isolation and possibly secure privileged protocols

or a perpetually outdated distro + some hardening, a lot of which is made useless because you’re still using X11, which is a huge sandbox escapade

Why is Kicksecure recommended again?

1 Like

As you mentioned earlier, a lot of these “downsides” mentioned by the Kicksecure and Whonix devs revolve around their personal frustrations with bloatware and minimalism. The developers simply have more experience working with Xfce and have certain philosophical design choices. While that is completely understandable for a volunteer development team (and should be respected), I don’t know why these “security-oriented” projects are still insistent on Xfce after the overwhelming evidence in support of Wayland-based DEs.

I even noticed a few forum comments calling out KDE supporters during Whonix’s transition to Xfce… but should that factionalism even be a serious thing to worry about for serious projects like Whonix and Kicksecure?

1 Like

I can see why people would still use X11 DEs because of performance issues and all, or because GNOME and KDE were too bloated, but if security matters more than anything else, wouldn’t it make the most sense to use GNOME without any extensions, despite it being the slowest and buggiest in my experience and having a terrible workflow?

The lack of support from other DEs is one thing keeping people from switching to Wayland, and it’s made worse that none of the lightweight DEs have full Wayland support yet, although Xfce and LXQt seem to at least have experimental support.

It might be worth opening a discussion on this, but I’ll mention a few points:

  • Kicksecure seems to put a lot more value in privacy and freedom whereas Secureblue seems to be more solely focused on security.
  • Secureblue’s defaults aren’t very user friendly. I don’t have experience with Kicksecure, but on paper it seems like it may be easier to use.
  • There can still be situations where someone either finds Fedora-based or Atomic distros unsuitable, or where they require a Debian based distro.

Kicksecure is in the process of switching to Wayland. It could be removed for using X11, but it may just make a reappearance at some point in the near future. Privacy Guides already includes a warning for Kicksecure so it might be a waste of effort to remove for now.

For X11 distros, QubesOS would be best (which runs on Xfce, but that doesn’t make it secure). This is because the inter-qube isolation prevents apps in different qubes from mingling, but apps in the same qube are still vulnerable to X11’s insecurity.

1 Like

To be fair, it’s not totally without merit, though there’s disagreement to be had over exactly how much better that’d make Xfce over GNOME in that regard. This is setting aside the X11/Wayland issue of course.

They agree that switching to Wayland is important; the main issue has been a lack of resources to do it. I haven’t followed it closely, but I believe they’ve been making progress on it.

Can you think of anything in particular about these situations?

Maybe related to the use of Debian for a server ?

This isn’t a bad thing, and it shows how both distros serve a different purpose. Kicksecure values privacy and freedom while still focusing on security hardening. This is what we need more of instead of solely focusing on security and ignoring freedom.

I’d also add that Secureblue adopts modern technologies like Wayland and Atomic-based distros while Kicksecure remains traditional with a Debian base, so it all comes down to personal preference.

Discussion related

Kicksecure could be made an honorable mention until it fully switches to Wayland, and perhaps Alpine Linux and/or possibly Gentoo could be added as honorable mentions too, since they cater to specific niches (Alpine not using systemd or the GNU userland, and Gentoo being source-based) and meet the criteria, but definitely can’t be recommended for most people who aren’t knowledgeable about computers and Linux.

However, PG already recommends more than enough Linux distros for these use cases, and the software minimalism and anti-systemd niches are a small portion of the community. Most people don’t even know what an init system is, let alone care about it.