[Novalug] Spam folders considered harmful [was: Administrivia: Re: test]

Stuart Gathman stuart@gathman.org
Mon Feb 29 11:13:18 EST 2016


On 02/25/2016 06:50 PM, Bryan J Smith wrote:
> Stuart D. Gathman wrote:
>> While Microsoft email is a horror story (and there are very problematic
>> parts of the Windows API as well), unix/linux has a security horror story
>> of its own that still hasn't been fixed for 3 decades: X-Windows the
>> pervasive key-logger.
>> http://theinvisiblethings.blogspot.ch/2011/04/linux-security-circus-on-gui-isolation.html
> Listen, the author is clearly pushing application-centric
> virtualization, which _is_ possible with Linux _today_, through a
> great variety of options.  Heck, _multiple_ X-Server instances on the
> _same_ computer is _also_ an option, without virtualization, VDI,
> etc... too.

Qubes is a bad solution too, for different reasons - but that doesn't change the problem.

> The "root cause" is that _all_ major operating systems _do_ have
> shared memory and shared input in their GUIs -- including Microsoft.
"Everybody has the problem" does not change the fact that there is a 
huge problem.

> So ... what was the point of all this?
Linux GUI is a pervasive key logger, and trying to make at least one of 
those "great variety of options" actually usable for day to day work is 
a desperately needed (if hugely unpopular) goal.  (Kind of like limiting 
Federal spending in the US.)

Having user id isolation is completely pointless when any GUI app can 
log you typing in the root password.

> P.S.  I guess you don't know about Wayland, and Wayland-based VDI, correct?  ;)
What I know about Wayland, is that it is enabled by default on gdm for 
Fedora, but has to be disabled because it doesn't actually work yet on 
anything I own at least.  Yes, I'm glad that people are trying to work 
on the problem and put it out there for testing.

     So what can I do?

There are hugely inconvenient things you can do today in linux to 
prevent such easy key logging.  For instance, switch to a text console 
(Ctrl-Alt-F2 on most distros) to do command line stuff as root.  
Anything you do in a convenient terminal program can be logged.   Make 
sure all the X programs on your desktop are trusted. While you *can* 
open a new GUI console to run untrusted apps (like Skype), you then need 
another user id to log in to use that app. Furthermore, Fedora at least 
doesn't seem to have a simple way for non-technical users to "open a new 
GUI console".   You have to edit config files (which is fine for me, 
but...).

Don't use GUI password safe programs (or GUI terminal windows).  You 
have to switch to a text console and use a cli program like pwsafe to 
prevent sniffing the master password.

Schemes in the works to support GUI isolation in linux involve modifying 
applications (the same problem Windows has, as you correctly point 
out).   The most important intermediate goal, IMO, is a "terminal" 
program that implements one of the new secure GUI apis - and cannot be 
sniffed by other X apps.  Then I could at least safely do terminal stuff 
(esp pwsafe) without switching to text consoles.
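
Added example, not part of the original post: a small shell guard for the "switch to a text console" advice above. It refuses to start a sensitive command (pwsafe, a root shell) unless the shell is on a kernel virtual console. The function names classify_input and run_on_console are hypothetical; the check assumes the usual Linux device naming (/dev/ttyN for text consoles, /dev/pts/N for pseudo-terminals) and the XDG_SESSION_TYPE and DISPLAY environment variables.

```shell
#!/bin/sh
# Added example (not from the original post). Labels where this shell's
# keystrokes come from, using only the tty path and session environment.

# classify_input TTY_PATH XDG_SESSION_TYPE DISPLAY
classify_input() {
    case "$1" in
        /dev/tty[0-9]*)
            # Kernel virtual console (what Ctrl-Alt-F2 gives you): input
            # arrives from the kernel tty layer, not through the X server.
            echo "text-console" ;;
        /dev/pts/*)
            # Pseudo-terminal: a GUI terminal emulator, ssh, tmux, ...
            # These are labels only; none of them is declared safe.
            if [ "$2" = "wayland" ]; then
                echo "wayland-terminal"
            elif [ "$2" = "x11" ] || [ -n "$3" ]; then
                echo "x11-terminal"
            else
                echo "pty-unknown"
            fi ;;
        *)
            # Serial lines, no controlling terminal, anything unexpected.
            echo "unknown" ;;
    esac
}

# run_on_console CMD [ARGS...]: run CMD only from a text console.
run_on_console() {
    where=$(classify_input "$(tty 2>/dev/null)" \
        "${XDG_SESSION_TYPE:-}" "${DISPLAY:-}")
    if [ "$where" != "text-console" ]; then
        echo "refusing to run '$1': input is $where, switch to a text console" >&2
        return 1
    fi
    "$@"
}

# Usage after sourcing this file, e.g.: run_on_console pwsafe
```

The guard only inspects the terminal the shell itself is attached to; it says nothing about whether the other programs on the desktop are trusted.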



