Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
GNOME Security Ubuntu IT Technology

Ubuntu and CentOS Are Undoing a GNOME Security Feature (bleepingcomputer.com) 66

An anonymous reader writes: Current versions of Ubuntu and CentOS are disabling a security feature that was added to the GNOME desktop environment last year. The feature's name is Bubblewrap, which is a sandbox environment that the GNOME Project added to secure GNOME's thumbnail parsers in July 2017, with the release of GNOME 3.26. In recent years, security researchers have proven that thumbnail parses can be an attack vector [1, 2, 3].

Ubuntu Security Tech Lead Alex Murray said the Ubuntu team chose to disable Bubblewrap inside Ubuntu because they did not have the time to perform a security audit. Murray blamed the many CPU bugs (Spectre, Meltdown, etc.), which kept the team busy and prevented them to audit the feature.

This discussion has been archived. No new comments can be posted.

Ubuntu and CentOS Are Undoing a GNOME Security Feature

Comments Filter:
  • Good (Score:4, Insightful)

    by Aighearach ( 97333 ) on Monday August 27, 2018 @01:47PM (#57204834)

    The last thing we need is additional layers of minimally-tested software promising to protect people.

    • by vux984 ( 928602 )

      I mean, its really GOOD that ubuntu wants to test it themselves. But I'm not sure why disabling it until you can test it is more sensible than leaving it enabled until you can test it.

      Given we *know* that its vulnerable without it.

      • Because the sandbox can screw up and eat your cat at any time.

        The vulnerability it protects against happens when you're rebuilding an installer package locally. Building the installer can cause it to run naughty javascript that might be hidden in the code related to icons. Most users would never ever run this. Very few users are rebuilding packages that they're not involved in maintaining.

        But if the new sandbox has security bugs, they could hit regular users who never even tried to rebuild a package.

    • by cyn1c77 ( 928549 )

      The last thing we need is additional layers of minimally-tested software promising to protect people.

      I don't understand why you would think that?

      It works so well for the TSA!

  • Lets blame CPU hardware bugs, which we cannot do anything about, for our inability to secure our own software.
    • You seem a little confused about the impact here. They're removing it because having it there makes things less secure, while promising security. That is dangerous.

      You seem a bit confused about the dangers.

      • No, they removed it because they didnt take the time to test its security, and blamed it on the time spent dealing with a hardware insecurity issue.
        • Did you consider the question, "Why would they need to test its security?" Does not testing security, when you know you need to do it, create a security risk?

          How can you point at "because they didn't take the time to test its security" and not also arrive at, "If they don't have time to test the security, then including it would be a risk?"

          You just from them not having time, to their excuse about why they didn't have time, without considering the actual effect of not having enough time. It doesn't matter wh

      • It is probably along the lines of a badly tested bug fix, where any bug fix can introduce unknown side effects, especially if it is a large one?

        Since everything about fixing issues is down to a risk analysis, it could be argued that in the current state we know the risks, while the new security architecture introduces unknowns. Those unknowns could be worse than the previous state.

        This approach is also a way of pushing back the onus of proving it secure to the Gnome developers.

    • Lets blame CPU hardware bugs, which we cannot do anything about, for our inability to secure our own software.

      You do realise it's about securing other people's software right?

  • by Xylantiel ( 177496 ) on Monday August 27, 2018 @01:59PM (#57204926)
    So a new security feature isn't getting wider distribution (yet) because there weren't enough resources to get it ready. This just doesn't seem very controversial.
    • by Aighearach ( 97333 ) on Monday August 27, 2018 @02:12PM (#57205042)

      We won't know if it is really a security feature unless somebody audits the code.

      Code that is not a security feature, but thinks it is, is even more dangerous than an unpatched bug.

      It doesn't seem controversial because you didn't understand it yet. Keep trying. When you understand the controversy, that's when you'll have started understanding the controversy.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        When you understand the controversy, that's when you'll have started understanding the controversy.

        The first rule of tautology club is the first rule of tautology club.

    • This just doesn't seem very controversial.

      That's the point. If you have secrets, don't put them on a computer.

  • by Anonymous Coward

    This doesn't have really much to do with bubblewrap on its own. What this has to do with is GNOME running thumbnail generating software within bubblewrap. However there are issues with this, if a user is already running some gnome software inside of a container or something already using bubblewrap, you can't run multiple levels of it.

    The real question that needs to be asked though, who the hell is still using GNOME?

    • Em, the Cinnamon developers of course.
    • Well, it's not like it's the default desktop environment in the most popular Linux distribution, right?
      • by Anonymous Coward

        MATE != GNOME.

      • Which is an outright sabotage: with Windows getting weak, we could pull in a good part of Windows users had we defaulted to an usable desktop. No experienced user uses GNOME -- including even GNOME devs (they develop it from OS X) -- so the non-technical user suffers from software that's not even dogfooded.

        • by Anonymous Coward

          we could pull in a good part of Windows users

          Will someone rid me of this meddlesome delusion? Seriously, it's just inane to believe this. The reason Linux desktop will never push out WIndows is that most of the useful shit in the world simply has no Linux counterpart and there's no "good part of Windows users" who want to run VMs all the time.

    • by sconeu ( 64226 )

      Ubuntu Bionic (18.04). They dropped Unity and went back to GNOME.

      • You can still install Unity on bionic, it isn't terrible. For me, one of the very few desktops that has a usable vertical tool bar for dual widescreen monitors.

    • Comment removed based on user account deletion
  • How about a thorough audit of the code? Nah slap a band aid on some shitty code with more shitty code.

    • It seems obvious, but if there isn't enough available hours to audit the sandbox, there is even less available to individually audit all the code that would run inside the sandbox.

      And most of that code has been in the wild for a long time and is pretty stable. (Stable means unchanging in software) So it is less likely to be dangerous than newer code, that hasn't been in the wild for long, and isn't yet stable.

  • by Anonymous Coward

    Are they UNDOING it, by removing the code? Or are they simply disabling it, by assertion of a flag?

    Enquiring minds want to know..

  • by Anonymous Coward on Monday August 27, 2018 @02:26PM (#57205184)

    removing systemd.

  • I am using it right now. Works great.

    I used to love Gnome, Ubuntu, and CentOS, now they all suck.

  • Gnome is good for consuming resources and for making it difficult to get anything done. Just ditch it.
  • If only there was an option to enable/disable this feature :)

Only great masters of style can succeed in being obtuse. -- Oscar Wilde Most UNIX programmers are great masters of style. -- The Unnamed Usenetter

Working...