User: Password:
|
|
Subscribe / Log in / New account

Distributions for the Nexus 7 (TGDaily and HotHardware)

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 10:47 UTC (Thu) by ibukanov (subscriber, #3942)
In reply to: Distributions for the Nexus 7 (TGDaily and HotHardware) by rsidd
Parent article: Distributions for the Nexus 7 (TGDaily and HotHardware)

> I assume this is a problem if you want to install untrusted apps -- but if the idea is that you'll use a distro, as desktop linux users do, why is it less secure than desktop Linux?

Surely a distribution provides some level of trust, but even Debian may not provide all the necessary packages. For example, recently just to compile some stuff I had to download random packages (and trust that they are OK) from at least 3 different servers. Plus using a distribution offers no defense against bugs in applications that connects to network that can be exploited. And a bug in a browser allows to take the whole desktop.

> Yes, Amazon Kindle, Skype and other proprietary apps (if they appear for tablet linux) cannot be trusted and may not be avoidable for most users. And they can read all your files. But they can already do that on desktop linux.

Barring bugs on Android Skype cannot read passwords and other private data for other applications.

> The X server can allow display from all local users (applications), and each application can run in its own UID.

From http://lwn.net/Articles/517375/ - X11 provides isolation only between users, not between applications run by the same user.


(Log in to post comments)

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 11:50 UTC (Thu) by rsidd (subscriber, #2582) [Link]

> The X server can allow display from all local users (applications), and each application can run in its own UID.

From http://lwn.net/Articles/517375/ - X11 provides isolation only between users, not between applications run by the same user.
I was suggesting the Android model where each application is run as a separate user, but displays to the same X server.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 12:59 UTC (Thu) by ibukanov (subscriber, #3942) [Link]

> I was suggesting the Android model where each application is run as a separate user, but displays to the same X server.

One of the points of that article is that X does not provide isolation between its clients. It does not matter if they are run from the same user id or come from different computers. As long as applications share X-server, they can do bad things with each other. Fixing this requires so many changes to the X protocol that one better starts with scratch.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 27, 2012 17:12 UTC (Thu) by shmerl (guest, #65921) [Link]

What precludes Wayland to work differently though and have better process isolation? X is a transitory state in the mobile and desktop Linux. Wayland is the next big step.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 28, 2012 14:57 UTC (Fri) by renox (subscriber, #23785) [Link]

> What precludes Wayland to work differently though and have better process isolation?

Nothing and there are already a few discussions about how to ensure that Wayland is secure.

Distributions for the Nexus 7 (TGDaily and HotHardware)

Posted Dec 29, 2012 8:42 UTC (Sat) by rqosa (subscriber, #24136) [Link]

> As long as applications share X-server, they can do bad things with each other.

It's possible to run separate X servers in separate virtual consoles, though (this is how the "switch user" feature is implemented).


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds