by sunshine-o 21 days ago
Security mechanisms in most operating systems are good and have continued to evolve rapidly. I would say in Linux there might be too many, and this is where the confusion comes from.

The problem is really how the very popular recent things on top have been built: Docker, npm, pip.

I personally do not have docker, npm or pip installed on my workstation because I know that any `xxx install` is almost the equivalent of downloading and executing a `.exe` on Windows 95 back in the day.

Apparently what happened here is that a GitHub employee's VS Code downloaded a compromised extension and it ran wild in his $HOME (npm, another Microsoft gem, is involved here if I remember correctly).

How was the OS supposed to prevent that?


Just prevent VS Code from accessing the entire $HOME.

The idea is that a well-made, modern desktop operating system would severely limit an executable's access to user files and provide intuitive tools to allow access. Most applications shouldn't even need any access beyond their own configuration directory and maybe something like ~/Document/Source Code for source code editors and IDEs. They shouldn't need to access ~/Pictures, ~/Videos, ~/Downloads, etc.

The problem is that Windows would rather sell you OneDrive, and Linux is very far from a well-made modern desktop OS, so a transitive dependency on a linter installed by a VS Code plugin can rm -rf $HOME, I guess.

For Linux we have bubblewrap, firejail, AppArmor and SELinux (the popular ones; there are far more). But it is often complicated and annoying to set up. Normally one would expect software developers to write security rules for their apps, but it is difficult due to the number of different sandboxing tools and various distro-specific configuration changes.

It would be nice to have it sorted out somehow. Actually Snap is an interesting example of something done in that regard.
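As an added example (not from this thread or any of its posters), here is one way to apply the "config directory plus one source tree" idea with bubblewrap: $HOME is replaced by an empty tmpfs and only two directories are bound back in, so a misbehaving extension or an `npm install` launched from the editor cannot read ~/.ssh or wipe ~/Pictures. The directory paths, the `code` command and the `path_visible` helper are assumptions.

```bash
#!/bin/sh
# Added example: confine an editor with bubblewrap (bwrap) so that, inside the
# sandbox, $HOME contains only its config dir and one source tree.
# SRC_DIR, CFG_DIR and the editor command are assumed values, not from the thread.
: "${HOME:?HOME must be set}"
SRC_DIR="${SRC_DIR:-$HOME/Documents/Source Code}"
CFG_DIR="${CFG_DIR:-$HOME/.config/Code}"

# Policy check: would PATH be reachable from inside the sandbox?
# 0 = visible (an allowed dir, or a read-only system path outside $HOME)
# 1 = hidden (under $HOME but not bound in, e.g. ~/.ssh, ~/Pictures)
path_visible() {
    case "$1" in
        "$SRC_DIR"|"$SRC_DIR"/*|"$CFG_DIR"|"$CFG_DIR"/*) return 0 ;;
        "$HOME"|"$HOME"/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Launch the editor inside the sandbox. System dirs are read-only, $HOME is
# an empty tmpfs, and only the two allowed dirs are bind-mounted read-write.
# A GUI editor will additionally need its display socket (X11/Wayland) and
# usually /tmp bound in; add those binds for your desktop setup.
run_sandboxed() {
    editor="${1:-code}"
    mkdir -p "$SRC_DIR" "$CFG_DIR"   # bind sources must exist on the host
    set -- \
        --ro-bind /usr /usr --ro-bind /etc /etc \
        --symlink usr/lib /lib --symlink usr/bin /bin \
        --proc /proc --dev /dev \
        --tmpfs "$HOME" \
        --bind "$SRC_DIR" "$SRC_DIR" \
        --bind "$CFG_DIR" "$CFG_DIR" \
        --unshare-pid --die-with-parent \
        "$editor"
    exec bwrap "$@"
}

# Only launch when explicitly asked, so the file can also be sourced for the
# policy check above: sh sandbox.sh --run code
if [ "${1:-}" = "--run" ]; then
    run_sandboxed "${2:-code}"
fi
```

Before trusting the profile, run `path_visible` over the paths you care about (SSH keys, cloud credentials, ~/Downloads) and then confirm from inside the sandbox with `ls -la "$HOME"` that nothing else shows up.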

Yes, and I wish Linux developers would see their own hypocrisy.

Linux users love to say that "fragmentation is good" but they also depend fully on root, sudo, users/groups, and RWX file permissions. Those are "standards" enforced by having only 1 way of doing something, the kernel.

Don’t forget that Linux is Unix inspired. And Unix was meant to be used on servers and mainframes where root was used by a trained sysadmin. Users were not meant to install applications, and their actions have little impact on the system integrity (if they’re not actively attacking it).

But now with PCs, you are root on your local machine, and some abuse that power without even knowing what it entails. You could easily sandbox npm by creating a user for your JS dev persona. But that’s not convenient, so no one does it.

Don't forget user accounts!