1
0
mirror of https://github.com/PrivSec-dev/privsec.dev synced 2024-11-17 12:01:35 -05:00
privsec.dev/public/os/linux-insecurities/index.html
Tommy 6b30fb93fe
New Hugo build
Signed-off-by: Tommy <contact@tommytran.io>
2022-07-17 06:00:20 -04:00

9 lines
14 KiB
HTML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html><html lang=en dir=auto><head><meta charset=utf-8><meta http-equiv=x-ua-compatible content="IE=edge"><meta name=viewport content="width=device-width,initial-scale=1,shrink-to-fit=no"><meta name=robots content="index, follow"><title>Linux Insecurities | PrivSec.dev</title><meta name=keywords content="operating system,security,linux"><meta name=description content="There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix&rsquo;s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post."><meta name=author content="Tommy"><link rel=canonical href=https://privsec.dev/os/linux-insecurities/><link crossorigin=anonymous href=/assets/css/stylesheet.8b523f1730c922e314350296d83fd666efa16519ca136320a93df674d00b6325.css integrity="sha256-i1I/FzDJIuMUNQKW2D/WZu+hZRnKE2MgqT32dNALYyU=" rel="preload stylesheet" as=style><script defer crossorigin=anonymous src=/assets/js/highlight.f413e19d0714851f6474e7ee9632408e58ac146fbdbe62747134bea2fa3415e0.js integrity="sha256-9BPhnQcUhR9kdOfuljJAjlisFG+9vmJ0cTS+ovo0FeA=" onload=hljs.initHighlightingOnLoad()></script>
<link rel=icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=16x16 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=icon type=image/png sizes=32x32 href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=apple-touch-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><link rel=mask-icon href=https://privsec.dev/%3Clink%20/%20abs%20url%3E><meta name=theme-color content="#2e2e33"><meta name=msapplication-TileColor content="#2e2e33"><noscript><style>#theme-toggle,.top-link{display:none}</style></noscript><meta property="og:title" content="Linux Insecurities"><meta property="og:description" content="There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix&rsquo;s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post."><meta property="og:type" content="article"><meta property="og:url" content="https://privsec.dev/os/linux-insecurities/"><meta property="article:section" content="os"><meta name=twitter:card content="summary"><meta name=twitter:title content="Linux Insecurities"><meta name=twitter:description content="There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.
There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix&rsquo;s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post."><script type=application/ld+json>{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":2,"name":"Operating Systems","item":"https://privsec.dev/os/"},{"@type":"ListItem","position":3,"name":"Linux Insecurities","item":"https://privsec.dev/os/linux-insecurities/"}]}</script><script type=application/ld+json>{"@context":"https://schema.org","@type":"BlogPosting","headline":"Linux Insecurities","name":"Linux Insecurities","description":"There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.\nThere is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonix\u0026rsquo;s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post.","keywords":["operating system","security","linux"],"articleBody":"There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.\nThere is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, Whonixs Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post. You can find the original article here.\nWhy is Linux used on servers if it is so insecure? On servers, while most of the problems referenced in the article still exists, they are somewhat less problematic.\nOn Desktop Linux, GUI applications run under your user, and thus have access to all of your files in /home. This is in contrast to how system daemons typically run on servers, where they have their own group and user. For example, NGINX will run under nginx:nginx on Red Hat distributions, or www-data:www-data on Debian based ones. Discreationary Access Control does help with filesystem access control for server processes, but is useless for desktop applications.\nAnother thing to keep in mind is that Mandatory Access Control is also somewhat effective on servers, as commonly run system daemons are confined.\nWork in progress\nCant Linux be configured to be most secure operating system? Isnt it impossible to backdoor Linux because it is open source? ","wordCount":"238","inLanguage":"en","datePublished":"0001-01-01T00:00:00Z","dateModified":"0001-01-01T00:00:00Z","author":{"@type":"Person","name":"Tommy"},"mainEntityOfPage":{"@type":"WebPage","@id":"https://privsec.dev/os/linux-insecurities/"},"publisher":{"@type":"Organization","name":"PrivSec.dev","logo":{"@type":"ImageObject","url":"https://privsec.dev/%3Clink%20/%20abs%20url%3E"}}}</script></head><body class=dark id=top><script>localStorage.getItem("pref-theme")==="light"&&document.body.classList.remove("dark")</script><header class=header><nav class=nav><div class=logo><a href=https://privsec.dev accesskey=h title="PrivSec.dev (Alt + H)">PrivSec.dev</a><div class=logo-switches><button id=theme-toggle accesskey=t title="(Alt + T)"><svg id="moon" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M21 12.79A9 9 0 1111.21 3 7 7 0 0021 12.79z"/></svg><svg id="sun" xmlns="http://www.w3.org/2000/svg" width="24" height="18" viewBox="0 0 24 24" fill="none" stroke="currentcolor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><circle cx="12" cy="12" r="5"/><line x1="12" y1="1" x2="12" y2="3"/><line x1="12" y1="21" x2="12" y2="23"/><line x1="4.22" y1="4.22" x2="5.64" y2="5.64"/><line x1="18.36" y1="18.36" x2="19.78" y2="19.78"/><line x1="1" y1="12" x2="3" y2="12"/><line x1="21" y1="12" x2="23" y2="12"/><line x1="4.22" y1="19.78" x2="5.64" y2="18.36"/><line x1="18.36" y1="5.64" x2="19.78" y2="4.22"/></svg></button></div></div><ul id=menu><li><a href=https://privsec.dev/knowledge/ title="Knowledge Base"><span>Knowledge Base</span></a></li><li><a href=https://privsec.dev/os/ title="Operating Systems"><span>Operating Systems</span></a></li><li><a href=https://privsec.dev/apps/ title=Applications><span>Applications</span></a></li><li><a href=https://privsec.dev/providers/ title=Providers><span>Providers</span></a></li></ul></nav></header><main class=main><article class=post-single><header class=post-header><div class=breadcrumbs><a href=https://privsec.dev>Home</a>&nbsp;»&nbsp;<a href=https://privsec.dev/os/>Operating Systems</a></div><h1 class=post-title>Linux Insecurities</h1><div class=post-meta>2 min&nbsp;·&nbsp;238 words&nbsp;·&nbsp;Tommy&nbsp;|&nbsp;<a href=https://github.com/PrivSec-dev/privsec.dev/blob/main/content/os/Linux%20Insecurities.md rel="noopener noreferrer" target=_blank>Suggest Changes</a></div></header><div class=toc><details><summary accesskey=c title="(Alt + C)"><span class=details>Table of Contents</span></summary><div class=inner><ul><li><a href=#why-is-linux-used-on-servers-if-it-is-so-insecure aria-label="Why is Linux used on servers if it is so insecure?">Why is Linux used on servers if it is so insecure?</a></li><li><a href=#cant-linux-be-configured-to-be-most-secure-operating-system aria-label="Can&amp;rsquo;t Linux be configured to be most secure operating system?">Can&rsquo;t Linux be configured to be most secure operating system?</a></li><li><a href=#isnt-it-impossible-to-backdoor-linux-because-it-is-open-source aria-label="Isn&amp;rsquo;t it impossible to backdoor Linux because it is open source?">Isn&rsquo;t it impossible to backdoor Linux because it is open source?</a></li></ul></div></details></div><div class=post-content><p>There is a common misconception among privacy communities that Linux is one of the more secure operating systems, either because it is open source or because it is widely used in the cloud. This is however, a far cry from reality.</p><p>There is already a very indepth technical blog explaning the various security weaknesses of Linux by Madaidan, <a href=https://www.whonix.org/>Whonix</a>&rsquo;s Security Researcher. This page will attempt to address some of the questions commonly raised in reaction to his blog post. You can find the original article <a href=https://madaidans-insecurities.github.io/linux.html>here</a>.</p><h3 id=why-is-linux-used-on-servers-if-it-is-so-insecure>Why is Linux used on servers if it is so insecure?<a hidden class=anchor aria-hidden=true href=#why-is-linux-used-on-servers-if-it-is-so-insecure>#</a></h3><p>On servers, while most of the problems referenced in the article still exists, they are somewhat less problematic.</p><p>On Desktop Linux, GUI applications run under your user, and thus have access to all of your files in <code>/home</code>. This is in contrast to how system daemons typically run on servers, where they have their own group and user. For example, NGINX will run under <code>nginx:nginx</code> on Red Hat distributions, or <code>www-data:www-data</code> on Debian based ones. Discreationary Access Control does help with filesystem access control for server processes, but is useless for desktop applications.</p><p>Another thing to keep in mind is that Mandatory Access Control is also somewhat effective on servers, as commonly run system daemons are confined.</p><p>Work in progress</p><h3 id=cant-linux-be-configured-to-be-most-secure-operating-system>Can&rsquo;t Linux be configured to be most secure operating system?<a hidden class=anchor aria-hidden=true href=#cant-linux-be-configured-to-be-most-secure-operating-system>#</a></h3><h3 id=isnt-it-impossible-to-backdoor-linux-because-it-is-open-source>Isn&rsquo;t it impossible to backdoor Linux because it is open source?<a hidden class=anchor aria-hidden=true href=#isnt-it-impossible-to-backdoor-linux-because-it-is-open-source>#</a></h3></div><footer class=post-footer><ul class=post-tags><li><a href=https://privsec.dev/tags/operating-system/>operating system</a></li><li><a href=https://privsec.dev/tags/security/>security</a></li><li><a href=https://privsec.dev/tags/linux/>linux</a></li></ul><nav class=paginav><a class=prev href=https://privsec.dev/os/docker-and-oci-hardening/><span class=title>« Prev</span><br><span>Docker and OCI Hardening</span></a>
<a class=next href=https://privsec.dev/os/securing-openssh-with-fido2/><span class=title>Next »</span><br><span>Securing OpenSSH with FIDO2</span></a></nav></footer></article></main><footer class=footer><span>&copy; 2022 <a href=https://privsec.dev>PrivSec.dev</a></span>
<span>Powered by
<a href=https://gohugo.io/ rel="noopener noreferrer" target=_blank>Hugo</a> &
<a href=https://github.com/adityatelange/hugo-PaperMod/ rel=noopener target=_blank>PaperMod</a></span></footer><a href=#top aria-label="go to top" title="Go to Top (Alt + G)" class=top-link id=top-link accesskey=g><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 12 6" fill="currentcolor"><path d="M12 6H0l6-6z"/></svg></a><script>let menu=document.getElementById("menu");menu&&(menu.scrollLeft=localStorage.getItem("menu-scroll-position"),menu.onscroll=function(){localStorage.setItem("menu-scroll-position",menu.scrollLeft)}),document.querySelectorAll('a[href^="#"]').forEach(e=>{e.addEventListener("click",function(e){e.preventDefault();var t=this.getAttribute("href").substr(1);window.matchMedia("(prefers-reduced-motion: reduce)").matches?document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView():document.querySelector(`[id='${decodeURIComponent(t)}']`).scrollIntoView({behavior:"smooth"}),t==="top"?history.replaceState(null,null," "):history.pushState(null,null,`#${t}`)})})</script><script>var mybutton=document.getElementById("top-link");window.onscroll=function(){document.body.scrollTop>800||document.documentElement.scrollTop>800?(mybutton.style.visibility="visible",mybutton.style.opacity="1"):(mybutton.style.visibility="hidden",mybutton.style.opacity="0")}</script><script>document.getElementById("theme-toggle").addEventListener("click",()=>{document.body.className.includes("dark")?(document.body.classList.remove("dark"),localStorage.setItem("pref-theme","light")):(document.body.classList.add("dark"),localStorage.setItem("pref-theme","dark"))})</script><script>document.querySelectorAll("pre > code").forEach(e=>{const n=e.parentNode.parentNode,t=document.createElement("button");t.classList.add("copy-code"),t.innerHTML="copy";function s(){t.innerHTML="copied!",setTimeout(()=>{t.innerHTML="copy"},2e3)}t.addEventListener("click",t=>{if("clipboard"in navigator){navigator.clipboard.writeText(e.textContent),s();return}const n=document.createRange();n.selectNodeContents(e);const o=window.getSelection();o.removeAllRanges(),o.addRange(n);try{document.execCommand("copy"),s()}catch{}o.removeRange(n)}),n.classList.contains("highlight")?n.appendChild(t):n.parentNode.firstChild==n||(e.parentNode.parentNode.parentNode.parentNode.parentNode.nodeName=="TABLE"?e.parentNode.parentNode.parentNode.parentNode.parentNode.appendChild(t):e.parentNode.appendChild(t))})</script></body></html>