by kaba0 1843 days ago
My only gripe with bringing desktop Linux to phones is that desktop Linux is a security nightmare. Someone with more experience please chime in, but the whole thing is C, no usable sandbox (a bug in firejail will make the untrusted code run as root...) and the old xkcd comic is still true: the only thing a malicious actor can’t do is install a video driver. That is, your user account with all the important data is basically left completely open. Compared to the iPhone and Android (especially GrapheneOS) it is laughable.

And while basically no one uses PinePhone/Librem 5, there are plenty of people running desktop Linux (myself included), but I don’t sleep well knowing how insecure the whole thing is, and seemingly it is not a priority to anyone. Is my paranoia based on facts?

1 comments

Thanks for the link!

Some nitpicks (not directed at you at all):

> When we develop security solutions, we develop them without looking down on the user or thinking of them as som[e]body that we have to protect almost like a parent-child relationship. We try to build a solution that gives them control over their own security.

That's many words for saying we don't have any sort of security measures.

> Because all the code in the root file system of the Librem 5 is free/open source, all of it can be reviewed to verify that it doesn't contain backdoors and doesn't do anything that the user doesn't want it to do

At most it answers privacy but not security. Also, non-existent security can so easily add a "backdoor", especially on top of an all-memory-unsafe environment where memory bugs are everywhere.

But I will give them that they do list basically all my gripes with it:

> It lacks a secure boot process to verify that none of the boot files have been changed.
> It lacks a hardware-backed key store.
> The apps are not run in a secure sandbox.
> PureOS doesn't have shim kernel drivers that do most of their execution in userspace libraries like Android and iOS.
> PureOS doesn't have low-level protections such as Control Flow Integrity and ShadowCallStack in Android and Pointer Authentication Codes in iOS.
> Most of the operating system and applications are written in memory unsafe languages like C and C++.
> The Librem 5 lacks a permission system where each app is required to ask the user for permission to access parts of the phone like Android has.

And unfortunately the answer to these is that there are some distant plans for some of these. Hopefully both desktop and mobile Linux will improve heavily in this area in the coming years.