Ubuntu and CentOS Are Undoing a GNOME Security Feature (bleepingcomputer.com)
An anonymous reader writes: Current versions of Ubuntu and CentOS are disabling a security feature that was added to the GNOME desktop environment last year. The feature's name is Bubblewrap, which is a sandbox environment that the GNOME Project added to secure GNOME's thumbnail parsers in July 2017, with the release of GNOME 3.26. In recent years, security researchers have proven that thumbnail parsers can be an attack vector [1, 2, 3].
Ubuntu Security Tech Lead Alex Murray said the Ubuntu team chose to disable Bubblewrap inside Ubuntu because they did not have the time to perform a security audit. Murray blamed the many CPU bugs (Spectre, Meltdown, etc.), which kept the team busy and prevented them from auditing the feature.
Good (Score:4, Insightful)
The last thing we need is additional layers of minimally-tested software promising to protect people.
Re: (Score:2)
I mean, it's really GOOD that Ubuntu wants to test it themselves. But I'm not sure why disabling it until you can test it is more sensible than leaving it enabled until you can test it.
Given we *know* that it's vulnerable without it.
Re: (Score:3)
Because the sandbox can screw up and eat your cat at any time.
The vulnerability it protects against happens when you're rebuilding an installer package locally. Building the installer can cause it to run naughty javascript that might be hidden in the code related to icons. Most users would never ever run this. Very few users are rebuilding packages that they're not involved in maintaining.
But if the new sandbox has security bugs, they could hit regular users who never even tried to rebuild a package.
Re: (Score:2)
The last thing we need is additional layers of minimally-tested software promising to protect people.
I don't understand why you would think that?
It works so well for the TSA!
Blame the hardware! (Score:2)
Re: (Score:3)
You seem a little confused about the impact here. They're removing it because having it there makes things less secure, while promising security. That is dangerous.
You seem a bit confused about the dangers.
Re: (Score:2)
Did you consider the question, "Why would they need to test its security?" Does not testing security, when you know you need to do it, create a security risk?
How can you point at "because they didn't take the time to test its security" and not also arrive at, "If they don't have time to test the security, then including it would be a risk?"
You just from them not having time, to their excuse about why they didn't have time, without considering the actual effect of not having enough time. It doesn't matter wh
Re: Blame the hardware! (Score:2)
It is probably along the lines of a badly tested bug fix, where any bug fix can introduce unknown side effects, especially if it is a large one?
Since everything about fixing issues is down to a risk analysis, it could be argued that in the current state we know the risks, while the new security architecture introduces unknowns. Those unknowns could be worse than the previous state.
This approach is also a way of pushing back the onus of proving it secure to the GNOME developers.
Re: (Score:3)
Let's blame CPU hardware bugs, which we cannot do anything about, for our inability to secure our own software.
You do realise it's about securing other people's software right?
Doesn't seem very controversial (Score:5, Insightful)
Re:Doesn't seem very controversial (Score:5, Interesting)
We won't know if it is really a security feature unless somebody audits the code.
Code that is not a security feature, but thinks it is, is even more dangerous than an unpatched bug.
It doesn't seem controversial because you didn't understand it yet. Keep trying. When you understand the controversy, that's when you'll have started understanding the controversy.
Re: (Score:3, Insightful)
When you understand the controversy, that's when you'll have started understanding the controversy.
The first rule of tautology club is the first rule of tautology club.
Re: (Score:2)
This just doesn't seem very controversial.
That's the point. If you have secrets, don't put them on a computer.
The feature isn't called bubblewrap (Score:2, Informative)
This doesn't really have much to do with bubblewrap on its own. What this has to do with is GNOME running thumbnail generating software within bubblewrap. However, there are issues with this: if a user is already running some GNOME software inside of a container or something already using bubblewrap, you can't run multiple levels of it.
The real question that needs to be asked though, who the hell is still using GNOME?
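The sandboxing described in the summary, and the nesting limitation raised in the comment above, as an added example that is not part of the original thread and is not GNOME's or Ubuntu's own code. It wraps a thumbnailer in bwrap and refuses to parse the file at all when no sandbox can be created. It assumes a glibc system with a merged /usr and a thumbnailer that takes `-s SIZE INPUT OUTPUT`; the function names and the `BWRAP` variable are hypothetical.

```sh
#!/bin/sh
# Added example: run an image thumbnailer inside bubblewrap, failing closed.
# Assumptions: glibc, merged-/usr layout, thumbnailer takes "-s SIZE IN OUT".
BWRAP=${BWRAP:-bwrap}

# Print the sandbox command line, one argument per line.
#   $1 input image   $2 scratch directory   $3 thumbnailer binary
thumb_bwrap_args() {
    printf '%s\n' "$BWRAP" \
        --unshare-all --die-with-parent --new-session \
        --ro-bind /usr /usr \
        --ro-bind /etc/ld.so.cache /etc/ld.so.cache \
        --symlink usr/bin /bin --symlink usr/lib /lib --symlink usr/lib64 /lib64 \
        --proc /proc --dev /dev \
        --bind "$2" /tmp \
        --ro-bind "$1" /tmp/input \
        --chdir /tmp \
        "$3" -s 256 /tmp/input /tmp/output.png
}

# Succeeds only if bwrap can create a sandbox in this environment.
sandbox_usable() {
    "$BWRAP" --unshare-all --ro-bind / / true >/dev/null 2>&1
}

# Thumbnail $1 into $2/output.png. Returns 3 rather than running the parser
# unsandboxed when no sandbox can be created.
thumbnail_sandboxed() {
    input=$1; scratch=$2; thumbnailer=${3:-/usr/bin/gdk-pixbuf-thumbnailer}
    if ! sandbox_usable; then
        echo "no usable sandbox, refusing to parse $input" >&2
        return 3
    fi
    old_ifs=$IFS
    IFS='
'
    set -f                       # no globbing while re-splitting on newlines
    set -- $(thumb_bwrap_args "$input" "$scratch" "$thumbnailer")
    set +f
    IFS=$old_ifs
    "$@"
}

if [ "$#" -ge 2 ]; then
    thumbnail_sandboxed "$@"
fi
```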
Re: (Score:1)
MATE != GNOME.
Re: (Score:3)
Which is an outright sabotage: with Windows getting weak, we could pull in a good part of Windows users had we defaulted to a usable desktop. No experienced user uses GNOME -- including even GNOME devs (they develop it from OS X) -- so the non-technical user suffers from software that's not even dogfooded.
Re: (Score:2)
Can't seem to find a good reference (it's late and I got work to do), but I recall an article that claimed more than a half of core devs either run OS X exclusively with at most VMs, or at least dual-boot with OS X as primary.
But, so my words are not completely unbacked, here's the creator of GNOME [tirania.org].
Re: (Score:1)
Will someone rid me of this meddlesome delusion? Seriously, it's just inane to believe this. The reason Linux desktop will never push out Windows is that most of the useful shit in the world simply has no Linux counterpart and there's no "good part of Windows users" who want to run VMs all the time.
Re: (Score:2)
Ubuntu Bionic (18.04). They dropped Unity and went back to GNOME.
Re: (Score:2)
You can still install Unity on bionic, it isn't terrible. For me, one of the very few desktops that has a usable vertical tool bar for dual widescreen monitors.
Why sandbox it? (Score:2)
How about a thorough audit of the code? Nah slap a band aid on some shitty code with more shitty code.
Re: (Score:3)
It seems obvious, but if there aren't enough available hours to audit the sandbox, there are even fewer available to individually audit all the code that would run inside the sandbox.
And most of that code has been in the wild for a long time and is pretty stable. (Stable means unchanging in software) So it is less likely to be dangerous than newer code, that hasn't been in the wild for long, and isn't yet stable.
Undoing != Disabling (Score:1)
Are they UNDOING it, by removing the code? Or are they simply disabling it, by assertion of a flag?
Enquiring minds want to know..
I got excited because I thought this was about (Score:5, Funny)
removing systemd.
Remember when.... (Score:1)
Everyone used to bitch about PulseAudio? Pepperidge-Fa'm 'members!
Use Devuan (Score:1)
I am using it right now. Works great.
I used to love Gnome, Ubuntu, and CentOS, now they all suck.
Just ditch it (Score:2)
If Only (Score:2)