The author seems to subscribe to the holy church of the sandbox security theater ;)
They add an incredible amount of complexity and thus potential security issues to a system while making the users and system designers think it is ok to run a malware distribution channel as the primary update mechanism (i.e. the Playstore).
I am not against sandboxes in general (it is for example good to have the javascript code sandboxed in a browser), but all to often they are used to justify the implementation of much more fundamental security issues.
Most security issues are social issues anyways and not really technical.
Another thing to point out is that he states how the Linux kernel has hundreds of vulnerabilities found compared to other OS’s. Well yeah, Linux is open source and literally any researcher/security expert can read the code to find bugs. Good luck trying to do the same with Windows or MacOS.
Lastly, most Linux distros are “complete” in the sense that you generally (or at least for the majority) don’t have to install much software outside of whats already in your distribution’s repos; you’re not having to google/download sketchy apps, so this threat model of rogue apps trying to hack/steal your data is minimal, if not non-existent.
The real problem is those systems (Windows, MacOS, iOS, Android) all have an app store where a ton of developers are trying to make money off of you in any way possible by stealing your data/invading your privacy, so they had to build a permission system because you can’t trust those random people. You can generally trust your Linux distro to not package malware and can safely install any app that’s available.
Edit: I should add, its still a good writeup. I think he makes some good points and it would be great to see Linux improve in some areas, even if the problem doesn’t really exist as much as it does for the more commercially backed operating systems.
Good luck trying to do the same with Windows or MacOS.
When it comes to find bug, vulnerabilities, audit etc. closed source is not so different from open source, people can actually reverse engineering closed source software, that’s why Windows 10, for instance, has malware. If I recall correctly, reverse engineering is used even for open source software because its more easy to understand how the code work.
Hi. Can you please be more nice in the future? I don’t see any reasons to be rude. Maybe I’m wrong, I’m open to discussion, but your point doesn’t prove anything in my opinion.
In software design, reverse engineering enables the developer or programmer to add new features to the existing software with or without knowing the source code. Different techniques are used to incorporate new features into the existing software.
Reverse engineering is also very beneficial in software testing, as most of the virus programmers don’t leave behind instructions on how they wrote the code, what they have set out to accomplish etc. Reverse engineering helps the testers to study the virus and other malware code. The field of software testing, while very extensive, is also interesting and requires vast experience to study and analyze virus code.
The third category where reverse engineering is widely used is in software security. Reverse engineering techniques are used to make sure that the system does not have any major vulnerabilities and security flaws. The main purpose of reverse engineering is to make the system robust so as to protect it from spywares and hackers. Infact, this can be taken a step forward to Ethical hacking, whereby you try to hack your own system to identify vulnerabilities.
Beyond that, there are different articles about this topic, including,
Reverse engineering is a process that hackers use to figure out a program’s components and functionalities in order to find vulnerabilities in the program. You recover the original software design by analyzing the code or binary of the program, in order to hack it more effectively.
During a past job interview, I was tasked to reverse four linux binaries of increasing difficulties as proof of my ability into the reverse engineering field.
Running everything sandboxed even if the software that’s being run is FOSS and comes from trusted sources doesn’t sound too bad though. Just another layer of defense. What are the potential security issues this could cause?
No, but what would be the benefit? Sandboxed are only needed when running untrusted code. That is unavoidable sometimes as the web would be pretty much unusable without javascript. But when someone tries to sell you a sandbox the malware distribution channel usually follows closely behind (I am looking at your Snapstore >:( ).
Just a bunch of stupid bugs can turn your well behaved code into malware. You should not trust any code to do what you think it does, especially if you have written it yourself. If it’s possible to enforce fine grained access control and isolation then it should be done.
the web would be pretty much unusable without javascript.
A bug is not malware (i.e. software intentionally written to do harm). It might get exploited, but that is an entirely different story and usually requires another piece of actual malware to work.
Adding a sandbox to mitigate against bugs might sound like a good idea at first, but in reality it adds bloat and makes people stop actually fixing bugs. And a lot of the impacts of bugs can be more easily mitigated against with general system improvements that actually make the system overall better instead of adding layers of bloat. Take Rust for example: it is a memory safe language that actually improves the system, but of course a sandbox can also mitigate against software written in memory unsafe languages. But hopefully you agree that Rust is the better idea then wrapping everything in a sandbox.
As for Javascript on the web. No it would be a much poorer system overall, with people reverting to shoddy apps to supplement webcontent. Maybe you are having rose tinted glasses or are too young to remember, but the web was not better before widespread javascript use. In fact it had stuff like Shockwave and Flash to do some of what Javascript does today shudder
And a lot of the impacts of bugs can be more easily mitigated against with general system improvements
Yes and these improvements will converge to be a sandboxed environment. Even original unix had (weak) process isolation and ACL’s. Should we go back to cooperative multitasking because a scheduler is bloat? No, because it’s not practical. Should we remove all exploit mitigations and fix all the bugs instead? No, because it’s not practical. For reasonably complex programs we can’t tell if they are bug-free and even if we could the hardware it runs on may have bugs. The best we can do is minimize the impact a glitched program can realistically have.
Rust is the better idea then wrapping everything in a sandbox.
Rust prevents a range of stupid bugs that don’t have to happen. (plus other cool stuff) It can’t prevent logic bugs. Say e.g. you have a server with an unintentional arbitrary file inclusion. Would you rather like to wait for the bug to be fixed and be completely vulnerable in the meantime or have the impact limited to the files the server process/user is explicitely allowed to access?
In fact it had stuff like Shockwave and Flash
Sure, compared to those (whose turing completeness javascript predates btw.) it’s nice but no builtin RCE at all is still the better solution.
The author seems to subscribe to the holy church of the sandbox security theater ;)
They add an incredible amount of complexity and thus potential security issues to a system while making the users and system designers think it is ok to run a malware distribution channel as the primary update mechanism (i.e. the Playstore).
I am not against sandboxes in general (it is for example good to have the javascript code sandboxed in a browser), but all to often they are used to justify the implementation of much more fundamental security issues.
Most security issues are social issues anyways and not really technical.
Another thing to point out is that he states how the Linux kernel has hundreds of vulnerabilities found compared to other OS’s. Well yeah, Linux is open source and literally any researcher/security expert can read the code to find bugs. Good luck trying to do the same with Windows or MacOS.
Lastly, most Linux distros are “complete” in the sense that you generally (or at least for the majority) don’t have to install much software outside of whats already in your distribution’s repos; you’re not having to google/download sketchy apps, so this threat model of rogue apps trying to hack/steal your data is minimal, if not non-existent.
The real problem is those systems (Windows, MacOS, iOS, Android) all have an app store where a ton of developers are trying to make money off of you in any way possible by stealing your data/invading your privacy, so they had to build a permission system because you can’t trust those random people. You can generally trust your Linux distro to not package malware and can safely install any app that’s available.
Edit: I should add, its still a good writeup. I think he makes some good points and it would be great to see Linux improve in some areas, even if the problem doesn’t really exist as much as it does for the more commercially backed operating systems.
When it comes to find bug, vulnerabilities, audit etc. closed source is not so different from open source, people can actually reverse engineering closed source software, that’s why Windows 10, for instance, has malware. If I recall correctly, reverse engineering is used even for open source software because its more easy to understand how the code work.
how the fuck is reverse engineered code easier to read then the source code?? that makes no sense what so ever
Hi. Can you please be more nice in the future? I don’t see any reasons to be rude. Maybe I’m wrong, I’m open to discussion, but your point doesn’t prove anything in my opinion.
https://blog.udemy.com/reverse-engineering-tutorial/
Beyond that, there are different articles about this topic, including,
https://medium.com/swlh/intro-to-reverse-engineering-45b38370384
https://osandamalith.com/2019/02/11/linux-reverse-engineering-ctfs-for-beginners/
https://blog.kartone.ninja/2019/03/25/when-a-reverse-me-ctf-binary-makes-you-loose-that-job/
Removed by mod
Running everything sandboxed even if the software that’s being run is FOSS and comes from trusted sources doesn’t sound too bad though. Just another layer of defense. What are the potential security issues this could cause?
No, but what would be the benefit? Sandboxed are only needed when running untrusted code. That is unavoidable sometimes as the web would be pretty much unusable without javascript. But when someone tries to sell you a sandbox the malware distribution channel usually follows closely behind (I am looking at your Snapstore >:( ).
Just a bunch of stupid bugs can turn your well behaved code into malware. You should not trust any code to do what you think it does, especially if you have written it yourself. If it’s possible to enforce fine grained access control and isolation then it should be done.
Imo it would be a better place without it
A bug is not malware (i.e. software intentionally written to do harm). It might get exploited, but that is an entirely different story and usually requires another piece of actual malware to work.
Adding a sandbox to mitigate against bugs might sound like a good idea at first, but in reality it adds bloat and makes people stop actually fixing bugs. And a lot of the impacts of bugs can be more easily mitigated against with general system improvements that actually make the system overall better instead of adding layers of bloat. Take Rust for example: it is a memory safe language that actually improves the system, but of course a sandbox can also mitigate against software written in memory unsafe languages. But hopefully you agree that Rust is the better idea then wrapping everything in a sandbox.
As for Javascript on the web. No it would be a much poorer system overall, with people reverting to shoddy apps to supplement webcontent. Maybe you are having rose tinted glasses or are too young to remember, but the web was not better before widespread javascript use. In fact it had stuff like Shockwave and Flash to do some of what Javascript does today shudder
Yes and these improvements will converge to be a sandboxed environment. Even original unix had (weak) process isolation and ACL’s. Should we go back to cooperative multitasking because a scheduler is bloat? No, because it’s not practical. Should we remove all exploit mitigations and fix all the bugs instead? No, because it’s not practical. For reasonably complex programs we can’t tell if they are bug-free and even if we could the hardware it runs on may have bugs. The best we can do is minimize the impact a glitched program can realistically have.
Rust prevents a range of stupid bugs that don’t have to happen. (plus other cool stuff) It can’t prevent logic bugs. Say e.g. you have a server with an unintentional arbitrary file inclusion. Would you rather like to wait for the bug to be fixed and be completely vulnerable in the meantime or have the impact limited to the files the server process/user is explicitely allowed to access?
Sure, compared to those (whose turing completeness javascript predates btw.) it’s nice but no builtin RCE at all is still the better solution.