undefined | Better HN

0 pointssubscribed7mo ago0 comments

And there's reason why normal windows / Linux laptops are less secure.

Look, if your media player or game can just steal your ssh keys, or slightly modify your changes to your code, or inject a script into your startup sequence, that's not very safe, is it?

And that's even without having access to root (imagine if someone had written a malware like Heartbleed or Shellshock, which then could quietly persist, patch your firmware, or actually do anything it wants?)

I hope you're at least running your laptop with selinux in enforcing mode :)

0 comments

yellowapple7mo ago

> Look, if your media player or game can just steal your ssh keys, or slightly modify your changes to your code, or inject a script into your startup sequence, that's not very safe, is it?

The availability of application sandboxen and the availability of root access are two entirely separate security concerns.

yupyupyups7mo ago

Someone can correct me if I'm wrong.

If the GUI stack is vulnerable, then those sandboxes could be broken out of. The idea behind not allowing an app to access root is to remove the attack surface introduced by the GUI stack. An alternative interface to a GUI would be some physical connection (like usb-c). So accessing root exclusively via a console port or USB would be safer in theory.

This is true regardless if it's a phone or a PC.

Desktops are unfortunately waaaay behind something like GrapheneOS or iOS in terms of sandboxing. The closest in the desktop world is Qubes OS, but that's not a realistic alternative to normal OSes for the common user.

1 more reply

jampekka7mo ago

I'm willing to take the very slight chance of getting compromised in exchange for getting things done.

j / k navigate · click thread line to collapse