undefined | Better HN

0 pointsfelooboolooomba4d ago0 comments

In addition, we need a fundamental change in OS security. It's not OK that every application you run has access to all your files and unfiltered internet access by default.

0 comments

lukewrites4d ago

I’ve been using Little Snitch on my Mac for years now because I want to be aware of (and be able to turn off) the connections programs make. Probably the weirdest one I’ve caught was a new seagate hdd that required you to run an executable file to be able to format the drive, which then tried to connect to baidu.

https://fosstodon.org/@lukewrites/100907932236227641

gib4443d ago

It's so noisy though because of apps' built in update checks and other legitimate things initially, which you then grant a process exception for. Per destination allow rules would also generate a lot of popups. Then the user just grants exceptions for all traffic or suffers alert fatigue

It's useful for apps that should not have any outbound networking

But fundamentally I don't think it moves the needle that much on the bigger picture

sunshine-o4d ago

Security mechanisms in most operating systems are good and has continued to evolve rapidly. I would say in Linux there might be too many and this is where the confusion come from.

The problem is really how the very popular recent things on top have been built: Docker, npm, pip.

I personally do not have docker, npm or pip installed on my workstation because I know that any `xxx install` is almost the equivalent of downloading and executing a `.exe` on a Windows 95 back in the days.

Apparently what happened here is a Github employee VScode downloaded a compromised extension and it ran wild in his $HOME (npm, another Microsoft gem is involved here if I remember correctly).

How was the OS supposed to prevent that?

AlienRobot4d ago

Just prevent VS Code from accessing the entire $HOME.

The idea is that a well-made, modern desktop operating system would extremely limit an executable's access to user files and provide intuitive tools to allow access. Most applications shouldn't even need any access beyond their own configuration directory and maybe something like ~/Document/Source Code for source code editors and IDE. It shouldn't need to access ~/Pictures, ~/Videos, ~/Downloads, etc.

The problem is that Windows would rather sell you OneDrive, and Linux is very far from a well-made modern desktop OS, so a transitive dependency on a linter installed by a VS Code plugin can rm -rf $HOME, I guess.

neop1x4d ago

For linux we have bubblewrap, firejail, apparmor and selinux (popular ones, there are far more). But it is often complicated and annoying to set up. Normally one would expect sw developers would write security rules for their apps but it is difficult due to amount of different sandboxing tools and various distro-specific configuration changes.

It would be nice to have it sorted out somehow. Actually Snap is an interesting example of something done in that regard.

2 more replies

j / k navigate · click thread line to collapse