Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 7:30 UTC (Thu) by rsidd (subscriber, #2582)
In reply to: Distributions for the Nexus 7 (TGDaily and HotHardware) by ibukanov
Parent article: Distributions for the Nexus 7 (TGDaily and HotHardware)

I assume this is a problem if you want to install untrusted apps -- but if the idea is that you'll use a distro, as desktop linux users do, why is it less secure than desktop Linux?

Yes, Amazon Kindle, Skype and other proprietary apps (if they appear for tablet linux) cannot be trusted and may not be avoidable for most users. And they can read all your files. But they can already do that on desktop linux.

Also, I'm not sure about this:

> This is just impossible with X11 applications unless one starts to use one x-server per application.

The X server can allow display from all local users (applications), and each application can run in its own UID.


Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 8:24 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link]

X server has probably more security holes than an average colander. Nobody really cared about inter-application isolation until very recently, and it shows.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 21:26 UTC (Thu) by Wol (guest, #4433) [Link]

Actually, unfortunately, I think nobody with any power (in other words, commit access) actually cared about X at all!

Which is why when Xorg was born, EVERYBODY (near enough) switched in a heartbeat. At last, we had an X which was run by people who *did* care.

And, much as I'm scared about the idea, which is why X is on course to be replaced by Wayland. (Which is *designed* to be capable of doing everything X can do. A lot of important things seem to be being ignored, because nobody seems to care enough to do anything about them :-(

Cheers,
Wol

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 28, 2012 9:38 UTC (Fri) by renox (subscriber, #23785) [Link]

> Which is *designed* to be capable of doing everything X can do.

This sentence isn't very good.
At a high level it is somewhat true, as Wayland is a part of the GUI frameworks and the GUIs won't really change in the end, but Wayland is very different from X, two examples (there are more):
1) Wayland clients don't know where their windows are displayed on a screen, X clients do.
2) with X you can send a glyph cache to the remote X server and use this to display efficiently text, with Wayland (alone) you can't do this, you're supposed to render the text locally then send a big image of the result to the server.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 29, 2012 16:56 UTC (Sat) by Wol (guest, #4433) [Link]

To which I have to respond (and I'm not a Wayland developer, so this is very much aiui)

1) And why do they need to know? That's the job of the display manager or whatever it is. "need to know" is important, and knowing stuff that is totally unnecessary makes things too complicated.

2) That sounds like you're running X over Wayland or vice versa. At the moment I don't think you can run Wayland remotely, but aiui there is nothing that prevents the Wayland communication layer from talking over a network. So there is nothing (in principle, in practice the software hasn't been written) stopping your program sending a message "write this text here" that then gets sent over the network to a remote render engine.

(Given the fact that Rob Landley (the X guy who cares) is actively working to help Wayland make X obsolete, I can't see that they would have designed it so such things couldn't be done ...)

Cheers,
Wol

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 29, 2012 17:28 UTC (Sat) by dlang (✭ supporter ✭, #313) [Link]

Unless there are two Rob Landleys, I think you have the wrong person.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 30, 2012 21:03 UTC (Sun) by Wol (guest, #4433) [Link]

Quite possibly. Who was the guy who got thrown out of XFree for trying to improve X?

Cheers,
Wol

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 30, 2012 21:18 UTC (Sun) by rahulsundaram (subscriber, #21946) [Link]

Keith Packard

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Jan 1, 2013 18:10 UTC (Tue) by Wol (guest, #4433) [Link]

Yup. I meant him. Sorry...

Cheers,
Wol

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 29, 2012 20:48 UTC (Sat) by renox (subscriber, #23785) [Link]

For (1) It may matter or not depending on the situation, that is still an important change.

For (2) this won't prevent network transparency, just use more bandwidth in some situations, so I doubt they'll make such a big change to Wayland's design for this.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Jan 4, 2013 19:04 UTC (Fri) by nix (subscriber, #2304) [Link]

Actually the performance effect of sending big bitmaps over the network rather than 'write this text here' is devastating: you can go from thousands of lines scrolled per second to one line or even less.

But it was finally pounded into my head that fixing this in Wayland is the job of a toolkit remoting library (hopefully one single library used by lots of toolkits), which can easily tell what text the application wants to render. This isn't fundamentally harder than having network transparency in the server, though I fear it will lead to massive inconsistency as different toolkits choose to do transparency in different ways :(((

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Jan 4, 2013 20:12 UTC (Fri) by renox (subscriber, #23785) [Link]

> Actually the performance effect of sending big bitmaps over the network rather than 'write this text here' is devastating: you can go from thousands of lines scrolled per second to one line or even less.

Especially on a WAN yes.

> But it was finally pounded into my head that fixing this in Wayland is the job of a toolkit remoting library (hopefully one single library used by lots of toolkits), which can easily tell what text the application wants to render. This isn't fundamentally harder than having network transparency in the server, though I fear it will lead to massive inconsistency as different toolkits choose to do transparency in different ways :(((

The other being that no such remoting library is implemented and the reduced remote performances that you described.

Which is why I disagreed with the sentence '[Wayland] is *designed* to be capable of doing everything X can do.'

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Jan 5, 2013 16:22 UTC (Sat) by paulj (subscriber, #341) [Link]

All the major toolkits (GTK+, Qt, WxWidgets, any others?) *ALREADY* support a remote rendering protocol that works with Wayland: X11. Via either Xlib or XCB.

Note that the situation of multiple /libraries/ for remote rendering *already* exists today for X11 without Wayland. Note further that several toolkits (GTK+ and Qt) *already* supported multiple rendering outputs (framebuffer, X11), and even multiple *remote* output protocols (X11, HTML5 in at least the case of GTK+) prior to Wayland and the sky did not fall in.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Jan 5, 2013 17:48 UTC (Sat) by nix (subscriber, #2304) [Link]

I was sort of assuming that the intent was to eventually deprecate X11, and that all the damning of X11 for horrible remote performance meant that it wasn't a suitable remoting protocol.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 10:47 UTC (Thu) by ibukanov (subscriber, #3942) [Link]

> I assume this is a problem if you want to install untrusted apps -- but if the idea is that you'll use a distro, as desktop linux users do, why is it less secure than desktop Linux?

Surely a distribution provides some level of trust, but even Debian may not provide all the necessary packages. For example, recently just to compile some stuff I had to download random packages (and trust that they are OK) from at least 3 different servers. Plus using a distribution offers no defense against exploitable bugs in applications that connect to the network. And a bug in a browser allows one to take the whole desktop.

> Yes, Amazon Kindle, Skype and other proprietary apps (if they appear for tablet linux) cannot be trusted and may not be avoidable for most users. And they can read all your files. But they can already do that on desktop linux.

Barring bugs, on Android Skype cannot read passwords and other private data of other applications.

> The X server can allow display from all local users (applications), and each application can run in its own UID.

From http://lwn.net/Articles/517375/ - X11 provides isolation only between users, not between applications run by the same user.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 11:50 UTC (Thu) by rsidd (subscriber, #2582) [Link]

> The X server can allow display from all local users (applications), and each application can run in its own UID.

> From http://lwn.net/Articles/517375/ - X11 provides isolation only between users, not between applications run by the same user.

I was suggesting the Android model where each application is run as a separate user, but displays to the same X server.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 12:59 UTC (Thu) by ibukanov (subscriber, #3942) [Link]

> I was suggesting the Android model where each application is run as a separate user, but displays to the same X server.

One of the points of that article is that X does not provide isolation between its clients. It does not matter if they are run from the same user id or come from different computers. As long as applications share an X server, they can do bad things with each other. Fixing this requires so many changes to the X protocol that one better starts from scratch.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 17:12 UTC (Thu) by shmerl (guest, #65921) [Link]

What precludes Wayland from working differently though and having better process isolation? X is a transitory state in mobile and desktop Linux. Wayland is the next big step.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 28, 2012 14:57 UTC (Fri) by renox (subscriber, #23785) [Link]

> What precludes Wayland from working differently though and having better process isolation?

Nothing and there are already a few discussions about how to ensure that Wayland is secure.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 29, 2012 8:42 UTC (Sat) by rqosa (subscriber, #24136) [Link]

> As long as applications share X-server, they can do bad things with each other.

It's possible to run separate X servers in separate virtual consoles, though (this is how the "switch user" feature is implemented).

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds