Recently Chris Evans, an IT security expert currently working for Tesla, published a series of blog posts about security vulnerabilities in the GStreamer multimedia framework. A combination of the Chrome browser and GNOME-based desktops creates a particularly scary vulnerability. Evans also made a provocative statement: that vulnerabilities of this severity currently wouldn’t happen in Windows 10. Is the state of security on the Linux desktop really that bad — and what can be done about it?
This was too easy . It should not be possible to find a serious memory corruption vulnerability in the default Linux desktop attack surface with just a few minutes of looking. Although it’ s hard to say it, this is not the kind of situation that occurs with a latest Windows 10 default install. Is it possible that Linux desktop security has rotted?
This is an eye opener. I think sandboxing desktop is a must for all Linux users. OpenBSD has pledge that forces apps into a restricted-service operating mode. Linux had/has a few options like:
- Firejail
- Linux sandboxing
- Qubes is a security-oriented, free and open-source operating system for personal computers that allows you to securely compartmentalize your digital life.
- AppArmor, SELinux, grsec-rbac, Docker and more.
Another option is to use tiling window managers and minimal distro such as Arch Linux.
- Read more: IS THE LINUX DESKTOP LESS SECURE THAN WINDOWS 10? (fosdem.org ~ pdf version)