
The Linux Security Circus: On GUI isolation


There certainly is one thing that most Linux users don't realize about their Linux systems... this is the lack of GUI-level isolation, and how it essentially nullifies all the desktop security.

So, let me stress this one more time: if you have two GUI applications, e.g. an OpenOffice Word Processor, and a stupid Tetris game, both of which are granted access to your screen (your X server), then there is no isolation between those two apps. Even if they run as different user accounts! Even if they are somehow sandboxed by SELinux or whatever! None, zero, null, nil!

The X server architecture, designed a long time ago by some happy hippies who just thought all the apps are good and non-malicious, simply allows any GUI application to control any other one.
