Re: More desktop security thoughts (was Re: GNOME privilege library)



On Sat, 2005-01-15 at 00:34 +0000, Alan Cox wrote:
> Very few gnome apps don't crash if fed crap. It's only the last release
> that a single pipe in the wrong place couldn't kill nautilus dead. If
> you want to make gnome blow itself up as a user then put your home
> directory into the fonts directory - that was quite good last time I
> tried it, or delete the last menu off the panel and try and put it back
> (now ok I think ?) and so on.

Well, alright, so if you bend over backwards or muck about with the
command line you can break Gnome pretty badly. It's pretty hard to break
things just by using the UI how it was intended to be used (moving home
directories about excluded as the new GNOME 2.8 UI makes that pretty
hard ...)

> The notion that Gnome is robust against even user accident is humorous

I think it's fair to say it's better than most desktops.

> > Unfortunately Linux itself is pretty much the polar opposite: it's trivial
> > to render many distros unbootable simply by following instructions or even
> > by applying automatic security updates! And if you think about it, it's
> 
> Automatic updating is what you are talking about for the desktop, and
> people having update fun is precisely the kind of unexpected effect
> automation causes, especially in systems like this with enormous
> combinatorial variation in the settings and packages installed.

I had a couple of things in mind here:

- User installs RPM built for newer version of their distro, RPM tells
  them to upgrade glibc, they search around and find a glibc built for
  an entirely different distro, RPM installs it uncomplainingly and now
  their system won't boot. They just Had To Know that you can't do that.

- Fedora pushes a kernel upgrade which breaks the nVidia drivers,
  rendering any 3D game useless. As it only takes effect on reboot
  this one is especially annoying as you can do an update, go on holiday
  for a week and have totally forgotten about it when you get back.

  (assuming you know enough about Linux internals to figure out what
   went wrong anyway)

Right now there's no way I'd give a Fedora/Ubuntu desktop to a non-
technical home user without being closely supervised, for those reasons
alone. Automatic updates that break things by design will just get
switched off or ignored really quick.

Any discussion of interesting new security is pretty useless without a
robust updates system as staying up to date is the best way to protect
yourself.

<rant>
The sad thing about the nVidia driver is that the 'nv' source shipped
with X.org is only open source by virtue of it coming in a form readable
by a compiler. One X developer has called it a "binary driver in source
form" it's so heavily obfuscated - it's certainly not easily understood
or hackable by the community, so as far as I'm concerned there are no
Free nvidia drivers at all.
</rant>

thanks -mike



