cross-posted from: https://piefed.world/c/uncommon/p/1089778/linux-is-actually-very-vulnerable-to-exploits-and-it-s-showing-with-high-value-vulnerabi
I hate when people keep repeating the myth that Linux is more secure than X OS without any understanding of how much Linux gets exploited.
On the other hand, FreeBSD rarely suffers from wide security issues.
Overall, I don’t think anyone should repeat the myth that Linux is secure.
And at least if they gonna recommend Linux, they better recommend a good distro with SeLinux, hardened kernel and hardened OS.
I kind of agree. Linux needs some better security around packages and permissions. Like someone should work on an open-source snap alternative.
Is that not Flatpaks? They are damn good.
Flatpaks are not a secure sandbox. The sandbox exists to distribute apps, and the security is secondary. Apps are very minimally sandboxed. A better permission system would severely weaken the sandbox with basic permissions needed by so many apps. The amount of apps on Flathub that I have seen which need access to org.freedesktop.Flatpak which removes the sandbox. Browsers have their own sandbox crippled because Flatpak blocks namespace access, but that is not a problem for Snaps. Flatpak does not implement many (or any) modern exploit mitigations. Apps that have audio permission have microphone access, and access to all desktop audio. X11 access doesnt use something like Xephyr for a separate X11 to prevent apps from escaping the sandbox, especially on a X11 desktop environment. Etc, etc.
Now dont take me for a Snap shill. I don’t think that is very good either. But at least its permission system is more thorough and apps tend to work better in a lot of cases. It also has on-screen permission requests (at least I think). It still suffers from many of the same problems as Flatpak.
I still use Flatpaks though. Just wish things were better.
Agreed, now if we can just get every program to run in a sandbox like flatpaks, a number of security issues will no longer be on issue.
@RamRabbit I really like flatpaks.
The issue is not packaging, it’s users circumventing security out of ignorance, willful or not, still ignorance.
As Linux gains popularity, the users will need to learn, often the hard way, how to go about installing stuff. Running a random script off the internet is not how it’s done.