Just Say No

I love Debian. It’s a great organization with an important mission, to deliver FLOSS to the world. Their GNU/Linux is very easy to install and to use and they have a huge repository. Unfortunately, a new init-system, systemd, has been forced upon them by RedHat and “partners”. An init-system is just supposed to start things up but systemd is a new layer of supervisor on top of Linux and everything is being made to depend on it, including the desktop environment. Only the GNOME desktop environment is up to speed with Debian Testing, so that will be the new default desktop. Earlier, Debian had chosen XFCE which was popular and light enough to fit on a single CD…

Instead, GNOME, which breaks most of the traditional “desktop” meme, has returned to being the default. Newbies will need their hands held just to start something up. Single-CD installations are dead. That hammers much of the emerging “market” for GNU/Linux where CDs and even electricity and networks are in short supply. Of course, one can install XFCE4 instead of GNOME but the user has to take charge, something newbies may find intimidating.

Just say “No!”. Uncheck GNOME. Check XFCE in the “tasksel” page of the installer or use APT to install XFCE4 after you boot your system. You can do it. You have the power.
[Screenshots: “Default” and “A better choice”]

This is what you get with that simple choice.
A simple desktop. It simply works for you. There is not a simple way to remove systemd but you can control your desktop environment. Just do it.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.

30 Responses to Just Say No

  1. DrLoser wrote, “If you truly believe that 137 < 70, then this might explain some of the more dubious statistical conclusions on this site”

    Do you really think I need to run ~200 processes on my PC, Beast? I can turn off many processes needed only for booting or for certain applications I don’t want to use during my session. I leave them run because they consume no resources in scarcity and because I use them occasionally. One can argue about the numbers but I have a lot of stuff not running as root and as you well know, I can move others to non-root as well. I do have root access when I want it.

    If you want to pursue straws consider that the word “most” has implicit as well as explicit meaning. The implication is that in GNU/Linux the vast majority of stuff runs as root and it doesn’t. As I write this, my system is 96% IDLE. Those rooty things aren’t running most of the time… So, I can do a weighted sum with activity and the truth is revealed, most of my stuff runs as me: firefox, Xorg, pulseaudio… Only Xorg is run as root and it’s getting ~1% of CPU time. Meanwhile pogson’s processes running as pogson are consuming the most CPU time.

  2. DrLoser says:

    There are 207 processes of which 137 run as root.

    So, I don’t agree that “most of everything” runs as root.

    Webster’s 1913:

    Most (?), a., superl. of More. [OE. most, mast, mest, AS. mst; akin to D. meest, OS. mēst, G. meist, Icel. mestr, Goth. maists; a superl. corresponding to E. more. √103. See More, a.]

    1. Consisting of the greatest number or quantity; greater in number or quantity than all the rest; nearly all …

    … For the most part, in reference to the larger part of a thing, or to the majority of the persons, instances, or things referred to.

    I believe TEG is using “most of everything” as shorthand, sc. “for the most part.” As you can see, however, his meaning is clear in either case. And, at least on your machine, he is correct according to Webster’s.

    If you truly believe that 137 < 70, then this might explain some of the more dubious statistical conclusions on this site, Robert.

  3. oiaohm says:

    That Exploit Guy, “SUID root grants full root privileges” is out of date information.

    A file with SUID and file capabilities applied. It's the file capabilities that win.

    Wrong. Being root allows you to override the resource isolation imposed by cgroup. This behaviour is as per cgroup design.
    Completely wrong these days also wrong by old cgroup. Root alone was never enough. Cgroup by old design was checking for root + CAP_SYS_ADMIN. Of course in the past if you had write access to the /sys/fs/cgroup path as root you could restore the CAP_SYS_ADMIN. Issue here is if a cgroup file namespace is applied blocking /sys/fs/cgroup write access to the root user you are seeing and the root user does not have CAP_SYS_ADMIN it is truly going nowhere. That root user has no options to in fact alter cgroups. CAP_SYS_ADMIN would allow the root user to mount /sys/fs/cgroup in a different directory path so possible bypassing the file system name-space. A+B+C equals breakable case. CAP_SYS_ADMIN alone process can go wherever it likes. Filesystem namespace limitations are quite strict.

    Newer cgroup behavior you have to be approved by process id 1 to alter cgroup settings. Does not matter if you are root or not only the cgroup manager process can alter the /sys/fs/cgroup data. The presume comes because most of time when you are a user as root you have CAP_SYS_ADMIN and are not locked in by a filesystem namespace. For services this is not always the case. First hint that they are locked in is if root processes don’t have CAP_SYS_ADMIN. Second hint is cgroup namespaces.

    2.6.26 added SECURE_NOROOT so just because a application has user id 0 does not mean it has any rights at all.

    http://man7.org/linux/man-pages/man7/capabilities.7.html

    The change that root user was not all powerful was Linux kernel 2.2 series and 2.6.26 or a very long time ago. Just because something has user ID 0 that suid causes does not mean the capabilities have been granted. Selinux and other LSM can strip capabilities from a suid action so can setcap http://linux.die.net/man/8/setcap

    Please note I was not talking about selinux sandboxing. Cgroups can have made sandboxed very solid. Newer RHEL running systemd can look a little weaker with more applications running as root. But when you get down to the brass tacks about what the applications can do its not as much as it appears.

    That Exploit Guy I did not say CAP_SYS_ADMIN was the be all and end all. The reality to be able to alter mounts to bypass cgroup filesystem namespace limitations restricting where a user can read/write you need CAP_SYS_ADMIN. You don’t have CAP_SYS_ADMIN and cgroup file system is off limits to you it will remain that way. The state is completely disconnected from being root as ID 0. Having ID 0 does not mean you can alter cgroups. You find selinux with its user limitations are the same.

    That is solely the problem with X and SELinux, isn’t it?
    No its not just solely the problem with X and SELinux. I ask you to do as simple operation. Copy, Paste between applications but secure. That Exploit Guy I will tell you now that no one has in fact worked out. Every case on every platform background applications can snoop on data traveling in the copy paste buffer. Its all the small things like this that ruin your day. Drag and drop works from a security point of view other than the fact you can drop stuff on the wrong window. Yes are you sure dialogs could kinda drive users nuts. There are a lot of that users take for granted that are security nightmares.

    No, the access control has already been an integral part of the Win32 API since the beginning of the NT series, which is very unlike the bolted-on nature of SELinux.
    This is kinda true. The problem is due to the bolted on nature of SELinux was able to extend the access control to cover everywhere that in fact needs covering. So items like applications screen capturing the complete screen when they just want a copy of their window came very clear.

    That Exploit Guy SELinux is the prototype. Please be aware prototype. Lot of the production solutions coming in the Linux world is cgroup and wayland based.

    By the way That Exploit Guy keep on quoting the “False Boundaries and Arbitrary Code Execution” sooner or later someone will kick your complete head in for being out of date and incompetent. In fact sections of that write up was in fact incorrect at the time it was written.

    Feb 2, 2009 2.6.26 Linux kernel is released with SECURE_NOROOT
    CAP_SETUID: generic: can set real uid to 0 and gain full capabilities on exec.
    Guess what SECURE_NOROOT means if an application has CAP_SETUID and SECURE_NOROOT no capabilities are in fact added to the exec.

    This is where things get interesting inside systemd systems where a lot of this extra stuff is automatically applied by systemd-nspawn every time a service is started.

    That Exploit Guy there are a set of posts pointing out all the errors and mistakes in the document you have brought here. It is not just Selinux any more. Cgroups can in fact stop a root user from altering selinux as well.

    Some one really should write a paper called lack of boundaries on the desktop That Exploit Guy this document could be generic for all desktop OS’s. Just try design a copy paste solution that is secure. Reality is that is one of the universal that XACE broke.

    Of course redhat could have some errors with systemd service files lacking correct name-space and capabilities setting. But there is absolutely no way That Exploit Guy can spot that when he thinks that Root is all powerful. Linux kernel security has been taking power away from root for long time. Issue is sysvinit has not been able to apply it. Why we have to change to systemd or equal. Linux kernels security framework is quite good.

    Cgroup is not like LSM modules that are kinda optional. Cgroups are becoming mandatory. The argument about Linux security being bolted on after the fact has very limited future as well.

  4. That Exploit Guy says:

    I expect our Peter Dolding to ignore this post and pretend that it doesn’t exist, but here goes…

    That Exploit Guy the problem with incompetent people. Root user does not mean you can alter cgroups or selinux settings

    Wrong. Being root allows you to override the resource isolation imposed by cgroup. This behaviour is as per cgroup design.

    You require a particular capabilities flags to alter selinux or cgroups.

    Cgroup security measures have fundamentally nothing to do with SELinux. This simply shows the understanding you lack about SELinux and cgroup.

    CAP_SYS_ADMIN capability this not always associated with programs running as root user.

    Except in most cases it is. This is also not to mention CAP_SYS_ADMIN is a major faux pas in SELinux developer’s part to having fine-grain control of root’s “capabilities”.

    There is a method to check what applications are running with CAP_SYS_ADMIN you will find almost none are.

    Putting aside the fact that the several sentences (if you can call them such) are completely bogus, CAP_SYS_ADMIN is not the only problem associated with SELinux “capabilities”.

    suid root vs capabilities flags placed on the same file the capabilities flags override the suid root. Setuid has very limited effects in modern Linux.

    File capabilities are meant to be a replacement for the SUID bit. In other words, you either use file capabilities, or you use the SUID bit. You never use both.

    On top of that, SUID root grants full root privileges in a SELinux-enabled system (as pointed out by Spengler). This is why efforts such as this exist to remove all SUID bits from a distribution.

    Why do programs run as root is because programs check if they have user 0 to decide if they have enough privilege to work. Most don’t check capabilities.

    If you had understood anything about popular Linux distros, you would have noticed that the EUID check is usually done before the execution of the daemon binary in the init script. Occasionally, there are daemon binaries that do check for root *UID, but they are far and in between.

    Also, unless you have specific SELinux policies in place, root is still omnipotent in most cases. Guess how many people are bothered enough to muck with the distro’s default policies?

    By the way system logind cgroup apply can also remove CAP_SYS_ADMIN from root user as well as restrict write and modify to the root users home directory only. So logged in as root and unable to do jack.

    Again, SELinux and cgroup have fundamentally nothing to do with each other. Where did you get this funny idea that a cgroup somehow has a SELinux capability assigned to it?

    danwalsh was referencing another attempt to make desktop security work.

    No, you have simply comments on three separate things that have nothing to do with each other.

    The same issue happens when Microsoft has attempted to secure Win32/Win64 applications.

    No, the access control has already been an integral part of the Win32 API since the beginning of the NT series, which is very unlike the bolted-on nature of SELinux.

    It is that we cannot make it functional.

    That is solely the problem with X and SELinux, isn’t it?

    That Exploit Guy why I suspect trouble is when someone uses the term *nix they normally 1 cannot spell because the last 3 letters of Linux is nux, 2 are not aware that Linux in operation is closer to Solarias than most other Unix systems.

    And you obviously cannot spell “Solaris” correctly.

    You can build a linux kernel with CAP_SYS_ADMIN disabled for all users.

    No matter, as Spengler points out, SELinux is still garbage regardless of CAP_SYS_ADMIN.

  5. TEG wrote, “time and time again, you have promoted X on Linux as an alternative to Windows. Don’t you find this just a little ironic?”

    I promote X for its flexibility, not its security. It is certainly secure enough if you encrypt network-traffic and have no Xserver on the terminal server(s). That flexibility is more valuable than the whole of that other OS. Thin clients are often the right way to do IT and X has that covered.

  6. oiaohm says:

    If you actually pay attention to many popular distros (e.g. RHEL), you’ll instantly notice they run most of everything as “root”, which negates pretty much all the benefits you can get from SELinux and cgroups.
    LOLOLOL That Exploit Guy completely has not a clue. Only a idiot on how Linux security works would raise this.

    That Exploit Guy the problem with incompetent people. Root user does not mean you can alter cgroups or selinux settings. You require a particular capabilities flags to alter selinux or cgroups. CAP_SYS_ADMIN capability this not always associated with programs running as root user. In fact most of the time it's not associated. Guess what by default systemd removes from all services. Kiss goodbye to bypassing selinux or cgroup restrictions by breaking a service. There is a method to check what applications are running with CAP_SYS_ADMIN you will find almost none are.

    suid root vs capabilities flags placed on the same file the capabilities flags override the suid root. Setuid has very limited effects in modern Linux.

    Why do programs run as root is because programs check if they have user 0 to decide if they have enough privilege to work. Most don’t check capabilities.

    Root/non-root privilege separation is not how it is inside Linux Distributions. Yes Linux looks that way because it makes Applications happy to think its that way.

    By the way system logind cgroup apply can also remove CAP_SYS_ADMIN from root user as well as restrict write and modify to the root users home directory only. So logged in as root and unable to do jack.

    danwalsh was referencing another attempt to make desktop security work.

    danwalsh reports the same thing I was referring to with http://selinuxproject.org/page/NB_XWIN
    As an example I do not want to allow the app to “screen Scrape” any other app running, doing this with XACE causes the confined app to not run correctly.
    The same issue happens when Microsoft has attempted to secure Win32/Win64 applications. The reality secure X11 applications don’t run. Reality secure windows desktop properly applications don’t run either. Issue both cases the Applications presume to have the right to do way more than they should.

    The issue is not that the security does not exist in X11. It is that we cannot make it functional. Wayland is basically take everything learn from XACE and have new applications made expecting to work in a secure environment.

    That Exploit Guy why I suspect trouble is when someone uses the term *nix they normally 1 cannot spell because the last 3 letters of Linux is nux, 2 are not aware that Linux in operation is closer to Solarias than most other Unix systems. Including the fact that user id 0 commonly called root is only conditionally powerful. You can build a linux kernel with CAP_SYS_ADMIN disabled for all users. Root assigned capabilities is a build option. Yes the power of Root under Linux is highly optional.

  7. TEG wrote, “If you actually pay attention to many popular distros (e.g. RHEL), you’ll instantly notice they run most of everything as “root”, which negates pretty much all the benefits you can get from SELinux and cgroups.”

    On my Debian system, I run a lot of things:

    • mysqld runs as mysql
    • rpc.statd runs as statd
    • dictd runs as dictd
    • avahi-daemon runs as avahi
    • gpsd runs as gpsd
    • postgres runs as postgres
    • ntpd runs as ntp
    • freshclam runs as clamav
    • exim4 runs as Debian-+
    • apache2 runs as www-data
    • all my applications run as me

    There are 207 processes of which 137 run as root.

    So, I don’t agree that “most of everything” runs as root. root runs more processes than anything else but pogson is second in the process-count with 44 and the OS is taking care of tons of low-level services that need to be done quickly in the background.

    A lot of the vulnerabilities related to X can be eliminated by not having an Xserver on the terminal server and having everyone on their own thin client, a very practical and effective solution widely used. Then you can add layers, like encrypting the network-traffic and running each user in some kind of box and running major applications on their own terminal server. With all those layers SELinux becomes formidable, not negated at all. I’ve rarely used any of those and I’ve never had the kind of insecurity that comes from running that other OS.
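Added example, not part of any comment in this thread and not code from the original page: the two measurements the comments above argue over, how many processes run with effective UID 0 and which of them actually hold CAP_SYS_ADMIN, both read from the `Uid` and `CapEff` fields of `/proc/<pid>/status`. The sample status texts are constructed, and the process names `rootd-bounded` and `cap-helper` are hypothetical.

```python
"""Tally processes by effective UID and by CAP_SYS_ADMIN from /proc/<pid>/status."""
import os

CAP_SYS_ADMIN = 21  # bit number of CAP_SYS_ADMIN in <linux/capability.h>

# Constructed sample input (not taken from any real host). Each string holds
# the three fields of /proc/<pid>/status that the tally needs.
SAMPLE_STATUS = [
    # PID-1 style process: root with a full effective capability set.
    "Name:\tsystemd\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n",
    # Hypothetical root daemon whose capabilities were cut down to bit 25 only.
    "Name:\trootd-bounded\nUid:\t0\t0\t0\t0\nCapEff:\t0000000002000000\n",
    # Ordinary unprivileged service accounts.
    "Name:\tmysqld\nUid:\t106\t106\t106\t106\nCapEff:\t0000000000000000\n",
    "Name:\tapache2\nUid:\t33\t33\t33\t33\nCapEff:\t0000000000000000\n",
    # Hypothetical non-root process that still holds CAP_SYS_ADMIN (bit 21).
    "Name:\tcap-helper\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000200000\n",
]


def parse_status(text):
    """Return name, effective UID and effective capability mask, or None."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    if "Uid" not in fields or "CapEff" not in fields:
        return None  # not a Linux status file, or truncated
    return {
        "name": fields.get("Name", "?"),
        # Uid line order: real, effective, saved set, filesystem.
        "euid": int(fields["Uid"].split()[1]),
        "cap_eff": int(fields["CapEff"], 16),
    }


def has_cap(proc, cap):
    """True if the capability bit is set in the effective set."""
    return bool((proc["cap_eff"] >> cap) & 1)


def summarize(status_texts):
    """Count root/non-root processes and list where UID and capability disagree."""
    procs = [p for p in map(parse_status, status_texts) if p is not None]
    root = [p for p in procs if p["euid"] == 0]
    non_root = [p for p in procs if p["euid"] != 0]
    return {
        "total": len(procs),
        "root": len(root),
        "non_root": len(non_root),
        "with_sys_admin": sum(has_cap(p, CAP_SYS_ADMIN) for p in procs),
        # UID 0 but no CAP_SYS_ADMIN: "root" by name only.
        "root_without_sys_admin": sorted(
            p["name"] for p in root if not has_cap(p, CAP_SYS_ADMIN)
        ),
        # Not UID 0 but holding CAP_SYS_ADMIN: worth a closer look.
        "non_root_with_sys_admin": sorted(
            p["name"] for p in non_root if has_cap(p, CAP_SYS_ADMIN)
        ),
    }


def read_live_status(proc_root="/proc"):
    """Collect status texts for every numeric entry under /proc."""
    texts = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                texts.append(fh.read())
        except OSError:
            continue  # process exited between listdir() and open()
    return texts


if __name__ == "__main__":
    live = os.path.isfile("/proc/self/status")
    texts = read_live_status() if live else SAMPLE_STATUS
    print("source:", "live /proc" if live else "constructed sample")
    for key, value in summarize(texts).items():
        print(f"{key}: {value}")
```

Kernel threads also appear under `/proc` as UID 0 with a full `CapEff`, so a raw process count on a live host includes them alongside userspace services.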

  8. That Exploit Guy says:

    There is a reason why the Linux world is attempting redo everything about graphical.

    Oh… Wayland. When it finally arrives at major distros, we shall discuss it in all its glory details.

    But, until then, this is all just very elaborate hand-waving, isn’t it? I dunno, but have you ever tried a retort that doesn’t involve mentioning experimental garbage?

    That Exploit Guy linked to is not 100 percent correct either.

    And that’s in contrast to you, who is always correct?

    Don’t make me laugh.

    Framebuffer based interfaces directfb that have been used in the embed world have had GUI application isolation. Problem no Nvidia or ATI drivers.

    Well, hello, typical Peter Dolding’s word salad.

    Also I guess you did not read the complete post you are quoting either That Exploit Guy.

    I have. Several times, in fact. You are welcome to believe in whatever you believe in, though.

    Can the X11 issue of isolation be achieved Qubes that is a Linux based OS achieved it.

    Perhaps you yourself should try and reading the same article at least once?

    It very plainly tells you that Qubes is not immune to the problem with processes running under the same Xen domain. Congratulations, you have just discovered the rather well-known fact that processes in different Xen virtual machines don’t share the same graphics stack!

    Of course the level of being expert on exploits you should be aware that the claim that with selinux enabled as much possible that everything the person talked about being possible is bogus.

    Again, have you tried reading the blog entry at least once?

    What it plainly tells you is that the problem it describes applies whether or not you have SELinux in place. Also, has it not occurred to you that your page you link to pretty much indicates SELinux is a bolted-on thing that attempts to imitate Windows, and does so poorly? Well, of course you don’t. You were simply citing it thinking it was something completely different.

    How stupid and pathetic.

    The issue we have is if we enable selinux on X11 to the max.

    Again, the blog entry tells you SELinux makes no difference to the problem being described. Also, what is enabling “SELinux on X11 to the max” supposed to mean? SELinux isn’t a dial that you can turn between “0” and “11”, ya know ;).

    Systemd’s logind cgroup wrapping is going to become very important in time.

    That’s oddly specific, and not terribly relevant.

    This is not to mention that putting things in different cgroups break IPC. Again, reinventing Windows, and doing so poorly and all that.

    You must have never watched any of the selinux conference videos

    I watched some of them some years ago and they were all pretty pandering, evangelical and generally unhelpful (perhaps that’s why morons like you are completely mesmerised by SELinux). Yeah, I get it – setuid is bad and we must move away from it. Can anyone point to me, though, a single non-*nix operating system that comes with such a brain-dead root/non-root privilege separation scheme that virtually anything else constitutes an improvement?

    Not even Windows NT, dear. Not even Windows NT.

    Linux has got security around background services fairly much sorted.

    No, it doesn’t. If you actually pay attention to many popular distros (e.g. RHEL), you’ll instantly notice they run most of everything as “root”, which negates pretty much all the benefits you can get from SELinux and cgroups.

  9. oiaohm says:

    That Exploit Guy something you are forgetting and its important. The process for handling clipboard, screen shots, keyboard input…. in NT designed OS’s, OS X and X11 were all designed on the model that Applications can be trusted.

    Vista, Windows 8, Windows 8.1 and Windows 10 still include features from the first version of NT build in the presume that applications are trust-able without user consent to interact with each other and modify each other. The reality here is just down right sad. That Exploit Guy basically don’t throw stones from a glass house. Windows from graphical security is not much better than anything else and in some cases worse. At least a user using X11 is normally aware that is insecure.

    Wayland based tech does at least promise us something that might at long last achieve a secure desktop that is useable. Even Wayland has issues because Nvidia is not wanting to redesign their driver for the modern more secure age. Cost is Nvidia argument. Microsoft had the same problem with Vista where Nvidia and ATI jacked up on them. Try to implement a secure desktop designed be ready to fight tooth and nail with the video hardware companies and even show the finger to get point across that they must.

  10. oiaohm says:

    Yes vista attempted but when all the dust settled they had basically made very progress over all.
    I missed a word.
    Yes vista attempted but when all the dust settled they had basically made very little progress over all.

  11. oiaohm says:

    That Exploit Guy to be serious the security on MS Windows for GUI is fairly much a joke as well. Yes vista attempted but when all the dust settled they had basically made very progress over all. Yes you got session 0 with vista. So all your background services are now connected to session 0. This is super bright right. One breached background service could breach other services connected to the same virtual desktop under Vista on. Ok it did not breach the desktop woohoo directly. Each service is not sandboxed individually as they should be…. Yes the problem just gets worse and worse.

    http://www.x.org/wiki/Events/XDC2014/XDC2014DodierPeresSecurity/
    There is a reason why the Linux world is attempting redo everything about graphical. Please note this is not the only issue. Wayland does touch and tablet input device differently to OS X, Windows and X11 as well.

    The Linux Security Circus: On GUI isolation that That Exploit Guy linked to is not 100 percent correct either. Framebuffer based interfaces directfb that have been used in the embed world have had GUI application isolation. Problem no Nvidia or ATI drivers.

    Also I guess you did not read the complete post you are quoting either That Exploit Guy.

    Can the X11 issue of isolation be achieved Qubes that is a Linux based OS achieved it. Qubes methods can be implemented on Debian and most other distributions.

    Of course the level of being expert on exploits you should be aware that the claim that with selinux enabled as much possible that everything the person talked about being possible is bogus.
    http://selinuxproject.org/page/NB_XWIN this nasty annoying stuff where you copy stuff to clipboard on app one and try to paste into app two application and nothing will paste because selinux blocked it yet you copy app two to app one and it works. At this point user is getting very angry.

    The issue we have is if we enable selinux on X11 to the max. Users hate us. Dodier Peres Security write up covers the same issue. We have to work out how to secure a desktop without driving users nuts. It is not easy and we cannot look to Windows or OS X or any other platform to copy a solution from because a working solution does not exist.

    It worked out to fix these security nightmares it is easier to redesign the complete graphical environment and init system. Systemd’s logind cgroup wrapping is going to become very important in time. Just like Qubes everything is having to be design as if sand-boxing is expected.

    That Exploit Guy you claim that I google my answers for the crap you bring up that is all you must do. You must have never watched any of the selinux conference videos on this topic or any of the Qubes like ones. The issue is secure desktop + happy users does not exist yet. Linux has got security around background services fairly much sorted. GUI applications and Service interfaces Linux world has to fix up. Wayland process is well on way to deal with lots of this.

  12. That Exploit Guy says:

    Tricking someone into using that OS and M$’s office suite as intended makes the whole thing fall down. It’s like 1995, or 1998 or 2001 came calling…

    Or do you prefer 2004? I heard it’s a very good year.

    Or do you prefer something that better suits your narrative and none of this “X is the security equivalent of Swiss Cheese” stuff?

    Because, come to think of it, there is not much to say about X in regards to security. In fact, one might as well regard the security of X as a total joke. Yet, time and time again, you have promoted X on Linux as an alternative to Windows. Don’t you find this just a little ironic?

  13. oiaohm says:

    If you had watched the XDC2014 videos there is a nice one about wayland security. The problem they have is they cannot find any working examples of Desktop security that works (yes they did look at windows). Server security Linux side is getting very solid.

    The reality here lot of “proper operating system with real security features” is really lacking. Both systemd and wayland are planning on using the security features that have existed in Linux for a long time. Remember Unix old rule everything as a file for security and with NT Designed OS is everything as a Object. Problem X11 until DRI3 does not use files. NT Designed OS anything that is not a Object also lack security protections.

    GEM buffers was a complete example of how determined the X11 world was to implement in a so called platform neutral way with the result of being complete disconnected from the OS security. The X11 world as at long last out grown their stupidity. Even Nvidia has out grown their stupidity of using own private memory system disconnected from OS security but its going to take Nvidia a while before they release a KMS driver that is connected properly to Linux OS security. If Nvidia/ATI/AMD tried to submit drivers with the same faults for windows there is no way Microsoft would approve them. This kind of bad behavior inside closed source drivers is why Linux kernel developers have very little like of closed source drivers.

    Distributions are killing off sysvinit because it just is not good enough.

    Robert Pogson that own by font is own by font engine. In fact visit a website by IE with website instructions to download font in background can own inside the IE sandbox but the sandbox can capture screen and clipboard and private keys IE User is currently using. Ok may not have got into system but this is fairly nice for someone doing man in middle monitoring. Note if the browser render section was properly separated and sandboxed liked chrome the browsers private encryption keys would not be extractable in this form of attack. IE browser sandboxing has a long way to go it is not as separated as it should be yet.

    I will also give Linux has a long way to go. Most of Linux issues is not a case that the Kernel lacked the security features. You would say that Linux is where XP was. But Linux is not staying there. The growing number of registry security settings from the time of XP is massive. Linux security growth has been crippled for many years by X11 world stupidity backed by Video card drivers and the old Unix guys who cannot stand change.

  14. oiaohm says:

    DrLoser sandboxing is supported in Linux chrome fully uses it.

    Heartbleed class bugs is SSL library the browser doing stuff it should not. Sending traffic unencrypted while showing the padlock IE has done. There have been some pretty nasty SSL bugs in Microsoft SSL implementation. Heartbleed does not allow shell attacks. Heartbleed is data loss only most critical being the private keys. Microsoft SSL implementation has had equal issues. Sorry you have mixed two completely different bugs with each other.

    Shellshock is the one that allows remote issues. There have been remote issues with powershell where the environment options can cause administrators to have actions changed. So what the difference. Bash was used in more places that is it.

    DrLoser before I bother quoting stuff to you please quote proper information about Heartbleed and Shellshock. After you have that it should be dead simple to find the CVE that match up to them that are Microsoft SSL and Powershell.

    Shellshock is a issue because this style of problem was known about in 1990 and is in a Unix book. First fixed in 1993 by the BSD based operating systems. Yet 20 year later Linux, Windows and OS X has shipped with a shell containing this style of bug.

  15. DrLoser, daring to defend that other OS after one of the most serious Patch Tuesdays ever, wrote, “IE uses very much the same sandboxing techniques that all other browsers use. In fact, I’d go so far as to suggest that the three main security threats with browsers these days are a) PEBCAK b) XSS and c) Java.”

    see The Register, “It’s 2014 and you can still own a Windows box using a Word file or font”

    Tricking someone into using that OS and M$’s office suite as intended makes the whole thing fall down. It’s like 1995, or 1998 or 2001 came calling… I have a sick feeling recalling how frightened users of that other OS were of “breaking something”. IT is supposed to empower people not to terrorize them.

  16. DrLoser says:

    olderman calls other distros crapware. Look it up.

    No, you’re absolutely right on that point, Robert. I stand abashed and corrected.

    And incidentally I agree with olderman on that point, although I’d give a free pass to CentOS.

  17. DrLoser says:

    It’s not like IE has not had Heartbleed class bugs.

    Ummm … yes it is, oiaohm.

    IE uses very much the same sandboxing techniques that all other browsers use. In fact, I’d go so far as to suggest that the three main security threats with browsers these days are a) PEBCAK b) XSS and c) Java. One of which is touted as FLOSS round these parts …

    It’s difficult to compare IE vulnerability against Chrome, Firefox, and others, because IE only runs on a proper operating system with real security features that offer robust support for “sandboxing.” All the others, unless the user is very careful and chooses that OS, run on some flavour of *nix, which is a bit lacking in those respects.

    This “class” thing: are you referring to a class of exploits that operate through a misbegotten parser and consequent direct leakage of arbitrary shell commands on a server?

    No? Well, that pretty much sums up the “class of exploits” we are looking at when we look at Heartbleed.

    Perhaps you would care to be more specific about “class,” oiaohm? Citations as usual, please.

  18. oiaohm says:

    DrLoser, browser design does affect how much damage we are looking at.

    Chrome was designed with sandboxing included. Chrome had the least damage from Heartbleed. It’s not like IE has not had Heartbleed class bugs.

    Firefox, Safari, Opera you might be able to put in the class of IE. The issue to remember: IE still supports downloading ActiveX controls from wherever. The weakness that puts IE behind everything else is ActiveX. All other browsers have decided not to implement it.

    http://www.scmagazine.com/internet-explorer-security-feature-blocks-outdated-activex-controls/article/370854/
    Yes, this is September this year. We are still mopping up the fallout of ActiveX in IE today. DrLoser, if we were not still mopping up ActiveX issues you could claim that IE is about as secure as every other browser. Firefox/Netscape plugins are in design fairly insecure, but you don’t have the case of visiting a site and the browser just downloading and installing it from untrusted locations.

    Heartbleed and Shellshock have been fixed very quickly. The ActiveX rolling disaster has been going on for over 20 years.

  19. DrLoser wrote, “olderman works with RHEL, which I would assume is an acceptable subset of RHT for current purposes, and doesn’t remotely subscribe to this completely false equivalence.”

    olderman calls other distros crapware. Look it up. Google works.

  20. DrLoser says:

    IE, is and SHALL always be, a glorious disaster.

    I was previously unaware that you could reliably look into the future, Dougie. Nor that you have access to the IE code-base, or test sets, or indeed anything relevant.

    Now, I’m not going to claim that IE, post IE6 (and people should really stop using that), is all that much better from a security perspective than Firefox, Chrome, Safari, Opera, whatever. But I am going to claim that it’s not a whole lot worse, either.

    And, frankly, it hardly matters how insecure your browser is when you’ve got things like Heartbleed and Shellshock sitting underneath. Pick any browser you like — it makes no difference.

    Which is why I asked you for statistics, Dougie. And I believe you offered none at all, did you?

  21. DrLoser says:

    I think they have a long way to go before they are anything like M$. In some people’s minds RHT=GNU/Linux (e.g. olderman)…

    I imagine a cite for that (personal observation: I’m adding 1 to the FLOSS total this week, ram) is not beyond your capabilities, Robert?

    My understanding is that olderman works with RHEL, which I would assume is an acceptable subset of RHT for current purposes, and doesn’t remotely subscribe to this completely false equivalence.

    It doesn’t really matter. In the real world, you get to choose between Linux and *BSD. You get to choose between gcc and icc and clang. You get to choose between MySQL and MariaDB and PostgreSQL.

    You get to choose from a wide palette. Somehow, I was under the misapprehension that this was the whole point of FLOSS.

    Your insistence on adding Gnu into the mix smacks of old-world evangelical religion — the stuff really isn’t useful any more.

    Except for emacs, of course. Tell me, Robert, which fork of Emacs do you recommend?

  22. Agent_Smith wrote, “RH is becoming more and more like MS”.

    I think they have a long way to go before they are anything like M$. In some people’s minds RHT=GNU/Linux (e.g. olderman), and they certainly do play a leading role but it looks to me as though the systemd thing may be advantageous to a lot of RedHat users with tons of servers, virtual and otherwise, but it is a form of lock-in to RedHat. No doubt they have “tools” that play systemd like a piano. For the rest of us and particularly those on single-user desktops, it’s just overhead. I do appreciate the faster booting but they don’t need to change everything to get that. For the time being, I just hope they don’t break my system. I’ve already had several “dangerous” looking situations with apt-get upgrade, things like packages being held back for systemd and an unusually large number of upgrades just to deal with systemd. It’s not fun any more to do things like “mount”. I have to grep to find things I want because systemd is mounting tons of stuff I care nothing about. Others find spam in the logs whilst debugging. It’s a bit much. It’s making sysvinit look like the “good old days”. I might just lock down my stuff onto Debian Wheezy and just upgrade the applications like FireFox and LibreOffice.

    The spat between/around Linus Torvalds and Lennart Poettering is informative. While Linus is all about getting the job done, that other guy just seems to want to be offensive. I am offended by systemd.

    Linus v Sievers

    Poettering v Linus

    Other items of Poettering’s work are not popular with me and others: pulseaudio among them. I’ve ripped that stuff out repeatedly when it gets in my way. Systemd is another matter because it’s process 1… Further, since this systemd thing happened, my poor Beast has had all kinds of weirdness happen: occasional freezes, and sometimes “suspend” doesn’t or does twice… That’s not the kind of behaviour I had months ago.

  23. Agent_Smith says:

    Robert Pogson wrote:
    “I’m thinking that GNU/Linux is becoming more like that other OS as time goes on.”

    And RH is becoming more and more like MS. “Beware to do not become what you hate the most” – It’s happening with RH… :-\

  24. Ivan says:

    “it’s just frickin’ text listing dependencies and where to install”

    You just keep thinking that, kurkosdr, good luck when you have to install an RPM5 package on a system built around RPM4. It’s just text, right? What could possibly go wrong…

  25. Agent_Smith wrote, “Later, that was disastrous, since IE became a security hole the size of Texas.”

    I’m thinking that GNU/Linux is becoming more like that other OS as time goes on. No doubt systemd will monitor itself for security problems and give a hit to performance… Sigh. Is it time for radicalism in GNU/Linux to arise and take us back to our roots? Will Debian add a flavour, “traditional”? We are OK for a couple of years the way Debian moves but what is the fall-back position if systemd crashes and burns and is too complex to fix in a few days??? The old way was much more fixable. Just lift the hood and apply your pliers…

  26. dougman says:

    IE, is and SHALL always be, a glorious disaster.

    Who uses IE anymore? Look at 2002 vs 2012, see how much usage dropped?
    http://www.w3schools.com/browsers/browsers_stats.asp

    “the security update for IE resolves one publicly disclosed and 36 privately reported vulnerabilities”…wow, 36 privately reported, zero-day bugs. *Rolls-eyes*

    http://www.itpro.co.uk/security/23090/microsoft-patch-tuesday-fills-massive-zero-day-hole-in-internet-explorer

    Internet Explorer: The only browser you’ll ever need to download a better browser.

  27. DrLoser says:

    Later, that was disastrous, since IE became a security hole the size of Texas.

    American Samoa, surely? I mean, let’s get our scales aligned here.

    It’s not like IE was ever a security hole the size of Heartbleed or Shellshock, is it?

    Or perhaps it is. Show us your stats, big boy.

  28. kurkosdr says:

    “when they (MS) inserted IE inside Windows 98 guts, and no one asked for it.”

    The customers asked for IE so they don’t have to search for a browser. “Gets you online in 10 minutes or less” was a big marketing sell back then, and you couldn’t count on ISPs shipping a (quality) browser in the ISP CD. And IE was put inside Windows 98 because the world was riding high on the whole “the internet is going to make the desktop obsolete” nonsense, not because of some FOSSie conspiracy theory to encourage everyone to use IE*. BTW, does this remind us of something? Oh yeah, Das Cloud.

    “systemd is a coup of Red Hat in the global free software community”

    I thought the whole point of FOSS was to not have “coups” and “forcing people into”.

    Anyway, I guess we have a new nonsense religious war in there, niiceee…

    Let’s see:
    -UI wars
    -Deb vs Rpm (most nonsensical and loudest one, since you can convert between the two, and as Lunduke said, it’s just frickin’ text listing dependencies and where to install)
    -Audio wars (PulseAudio vs Phonon vs ESD)
    -Display server wars (Mir vs Wayland) and,
    -Systemd vs Upstart

    Meanwhile at a software vendor: “Boys! We are considering shipping a “Linux” version of our software…….. What do you mean there is a religious war going on for every part of the stack except the kernel and the coreutils?”

    But… Linux is powered by the community and choice. Linux is powered by the community and choice (it has a nice ring to it, right?)

    *it was a simple bundling with Windows 95 that accomplished that

  29. Agent_Smith says:

    systemd is a coup of Red Hat in the global free software community. It’s RH pulling a Microsoft on the whole community and making GNU/Linux like Windows 98, when they (MS) inserted IE inside Windows 98 guts, and no one asked for it.
    Later, that was disastrous, since IE became a security hole the size of Texas.
