On the insecurity of Linux-based operating systems

Continuing the discussion from PebbleOS smartwatches have opened pre-orders:

This is probably a good read about Linux not being secure: Linux | Madaidan's Insecurities

A (very) short summary of a few points raised on that page would be:

  • Linux desktop OSes don’t have proper sandboxing (yes, flatpak is something, but it doesn’t have a robust permission model like others do).
  • X11 provides zero GUI isolation, so every app can look into what every other app is doing.
  • Linux (the kernel) is monolithic, meaning all modules and drivers run with the exact same permissions as the kernel itself, whereas MacOS and Windows use hybrid kernels, which segregate some processes to userspace.
  • Several exploit mitigations found in MacOS/Windows such as Control Flow Integrity, Arbitrary Code Guard, and Code Integrity Guard are scarcely used, not enabled by default, or completely nonexistent.

A valid assertion, you are free to choose how you handle your threat model.

I dislike those at-charge questions. When you look at something, you should look at it in a holistic manner, looking at least at the platform’s strengths and weaknesses.

1 Like

His review is holistic, albeit somewhat dated since we’re quickly transitioning from X11 to Wayland.

1 Like

True, the article is fine, but a thread asking for all the bad things about Linux isn’t great. I was just pointing that out.

I think the biggest security benefit of Linux compared to Windows is that you actually know what you give admin permission to. On Windows you have to click "Ok" on the popup about wanting to use admin privileges, and it’s not even specified what it is for. Since trivial tasks require it, you become used to it and it becomes essentially useless.

1 Like

This is definitely a problem. That prompt is immensely vague.

Wayland has been stable for like 8+ years now imo: GNOME 3.22 Release Notes

1 Like

I agree the transition could’ve happened earlier but now it’s not just GNOME using Wayland. KDE and others are making the transition too.

1 Like

Most have since been addressed.

AOSP, in particular, seems to have covered all the points you list in your summary. Indications are, Android will be on desktops soon.

Linux is fairly modular, and Android’s (binderized) HAL (hardware abstraction layer) already demonstrated that a “hybrid” architecture is not a limitation imposed by Linux, but by the ecosystem that preceded it.

Apart from the drivers, the major source of concern remains the kernel & its subsystems, which remain heavily configurable & are predominantly written in a memory-unsafe language. Fuchsia (also by Google) offers a way out & may yet take hold in Android (though chances look grim after a decade of getting nowhere except on Nest devices).

3 Likes

Being fair, I don’t think anyone (including Madaidan) has Android in mind when they say “linux-based operating system” (or any colloquial term referring to them). But yeah, AOSP definitely addresses several security concerns!

3 Likes

He has another post about Android. So you’re right, he doesn’t mean Android when he writes about Linux.

2 Likes

Linux anecdotally provides better sandboxing than Windows in my experience. I’m not sure about the statistics, but it definitely feels like there are more Flatpaks proportionally than AppContainers, perhaps because UWP is no longer in active development, or maybe because Flatpaks have a lot of other benefits (e.g. running on most distros).
The point usually raised about how Flatpaks have invasive permissions is invalid imo because you can very easily change them through CLI (flatpak override) and GUI (Flatseal). For when they’re not suitable, bubblejail exists.

2 Likes

It’s all relative. In Android and iOS, the need for strong sandboxing is vital because the users are installing shitty user-hostile apps next to their banking apps by default. In Android’s case, Google wishes to protect its own access to your data as well as stop bad apps from going to town on your device.

But in the Linux context, you might have only one bad app - probably the browser, since it is running anything you put through it. Also, there is no Google trying to lock your data in for its own purposes. If your other apps are just open source types (GIMP, VLC, LibreOffice) installed from a Debian repo or whatever, then I’m not sure sandboxing is quite as critical.

There are also some sandboxing methods in Linux, and if you wanted to go far with it, you could spin up VMs or containers à la Qubes OS.

The reason Linux is secure on servers is that it only runs the minimum of what it has to. ‘Apps’ aren’t the issue - more likely protecting access to RAM from processes and segregating network access.

So if your Linux box is basically a browser and a few open source apps, then who really cares about in-depth sandboxing? It’s not like you will be installing spyware that easily on Linux anyway, and your attack surface is probably very much reduced in comparison to a similar Windows machine.

This argument is delusional.
Linux is not secure.

To elaborate:
Open source has no relation to security.

Grub, a core component of most distros, just had 73 security issues posted last month except they didn’t even bother to make a new release forcing distros to each manually pull the fixes in.
To quote the Arch maintainer:

Countless vulnerabilities, but no release management, no maintenance
branch, or whatever. :woozy_face::face_with_peeking_eye:

Grub maintainers aren’t even bothering to blacklist the binaries via the distributed secureboot dbx blocklist.

This time UEFI revocation list (dbx) will not be used and revocation of broken
artifacts will be done with SBAT only.

And many distros take many days to ship browser updates.

2 Likes

You’ve presented a flawless argument, and left me… dare I say… bamboozled!

I subsequently refute all my previous statements.

bro, please let me know when you’re done editing so I can explain to you how you’re wrong. It doesn’t matter what you have to say, I will find a way.

Keep digging your head into the sand, instead of accepting a long known truth.

Ok tx bro,

So for a start, Android is Linux and so is ChromeOS. Both incredibly highly secure Linux distributions, with sandboxing and locked bootloaders.

That alone shits on all your possible arguments.

Now to be a little more in good faith, you also have lesser-known variants - that run in RAM like TC, amnesic like Tails or atomic like Fedora Silverblue… the list goes on and on. Each with their own protections and security that can go above and beyond whatever you have in mind as an alternative.

Sure, maybe your average pedestrian Linux distro like Ubuntu is not the most secure option. But it is still one of the most private.

And if you want a Linux that is more secure, it is pretty simple to find yourself a secure distro that mitigates whatever brain-worm problems with GRUB or otherwise you are fixated on.

Security on Linux is a skill issue. It can be as secure as you want it to be. It could literally be designed to self-destruct if you want to go full psycho with it.

Now if you are upset that it’s not all magically being done for you in the timely manner you want, then you’ll just have to accept whatever slop is given to you.

But then you don’t really have a leg to stand on as far as complaining about it.

If you’ve been paying attention to the topic it is about traditional distros, not Android or ChromeOS.

Because running in RAM provides security benefits? Since when?

Thinking the outdated, poorly patched Debian base of Tails provides security :rofl:

Please name one that is actively maintained. All the ones I know are dead.

Ah yes, let me go rewrite all of Linux in a secure language with my skills.

I’m not upset at Linux and co.
I’m upset at users, like you, wrongly proclaiming Linux as secure when it isn’t.
I’m not going to fruitlessly continue to argue with you.
Have a good day.

1 Like

Actually, there is nothing in the OP that says this is specifically about consumer and hobbyist distros.

The title is LINUX-BASED OPERATING SYSTEMS. I put it in caps so you can read it more easily.

Regardless, the existence of Android and ChromeOS proves that Linux can be secure on the desktop.

Of course a hackable and open OS such as Ubuntu is more accessible. Of course they’re not rushing to patch GRUB.

I’m confused whether you are being purposefully single-minded about that. If something is designed with an open model, it is going to be more open!?

The main point I am making is that in most average people’s use case, that openness doesn’t impact negatively on their threat model. And for those that have aspirations like you, then it can be made secure with some skill.

Now btw… GRUB is actually not at all necessary for booting Linux. If you really cared about security you might want to use an encrypted bootloader on a separate USB device anyway… if you were really worried, you might even want to hide it inside your bottom.

just saying yo’

Another unsubstantiated claim, they already did: See 2.12-5ubuntu8: https://changelogs.ubuntu.com/changelogs/pool/main/g/grub2/grub2_2.12-5ubuntu10/changelog