Language Selection

English French German Italian Portuguese Spanish

The Linux Security Circus: On GUI isolation

Filed under

There certainly is one thing that most Linux users don't realize about their Linux systems... this is the lack of GUI-level isolation, and how it essentially nullifies all the desktop security.

So, let me stress this one more time: if you have two GUI applications, e.g. an OpenOffice Word Processor, and a stupid Tetris game, both of which granted access to your screen (your X server), then there is no isolation between those two apps. Even if they run as different user accounts! Even if they are somehow sandboxed by SELinux or whatever! None, zero, null, nil!

The X server architecture, designed long time ago by some happy hippies who just thought all the people apps are good and non-malicious, simply allows any GUI application to control any other one.

rest here

More in Tux Machines

Data indicates that Android picked up global market share from iOS last month

Tracking mobile web traffic, NetMarketShare computes the market share for mobile operating systems. Based on the data from last month, Android was able to widen its gap over iOS globally. Considering that the Apple iPhone 6s and Apple iPhone 6s Plus weren't launched until September 25th, the recently released phones accounted for a miniscule part of the data. The new models won't have a major effect on the results until the figures for this month are released. Read more

RapidDisk / RapidCache 3.4 now available.

RapidDisk is an advanced Linux RAM Disk which consists of a collection of modules and an administration tool. Features include: Dynamically allocate RAM as block device. Use them as stand alone disk drives or even map them as caching nodes to slower local disk drives. I pushed 3.4 into the mainline earlier this morning. Changes include:
  • Added ability to autoload RapidDisk volumes during module insertion.
  • Fixed bug in RapidDisk (volatile) volume size definition across 32 to 64 bit types.
  • Making use of BIT() macro in the driver.
  • Removed RapidDisk-NV support. It was redundant with the recently kernel integrated pmem code.
You can pull it from the git, yum, ZYpp & apt repos or download it from the SourceForge project page. To stay updated, you can follow the RapidDisk Google+ page.