oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: major changes if gnu/linux dominates the desktop and/or mobile market?

From: Brian May <brian () linuxpenguins xyz>
Date: Wed, 07 Oct 2020 08:00:05 +1100
Greg KH <greg () kroah com> writes:


https://www.theregister.com/2015/06/17/debian_chromium_hubbub/
Chrome, Debian Linux, and the secret binary blob download riddle
Browser snuck proprietary voice-snoop code into distro


I don't understand the question here, that was something over 5 years
ago.  How is that relevant for "mobile devices" that run Linux today?


That link looks like a once of issue that Debian had with the
distribution of Chromium. Which was probably fixed years ago.

More generally, in a typical Android install, there is closed source
software - drivers, firmware, Google APIs, Google Play. Before you even
get to installing closed source apps from Google Play.

These are a concern from a security point of view because you have to
trust the device manufacturer / Google with the security aspects of such
code, and there is no possibility of somebody else auditing the code
because the source code is not available.

Android devices typically require a forked version of the Linux kernel.
I believe they are slowly moving to reduce the changes required by
merging them mainline, but not sure how that is progressing right now.
Otherwise, I imagine this might have security concerns too.
-- 
Brian May <brian () linuxpenguins xyz>
https://linuxpenguins.xyz/brian/
Previous By Date Next
Previous By Thread Next

Current thread: