Re: major changes if gnu/linux dominates the desktop and/or mobile market?

[Solar Designer <solar () openwall com>]

Hi,

Here are a couple of updates on what was said in this thread earlier.

Things started changing regarding home directory permissions on Ubuntu:

https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2020-November/018842.html
https://discourse.ubuntu.com/t/private-home-directories-for-ubuntu-21-04-onwards/19533

Alex Murray from Canonical proposed "that it is time we moved ahead and
stopped creating home directories as world-readable on Ubuntu".  Later
he added: "since there was no opposition to this proposal, I have
uploaded updated adduser and shadow packages to hirsute-proposed to
support setting the mode of home directories to 750 by default when they
are created via either adduser or useradd."

On Mon, Oct 19, 2020 at 01:22:49PM +0200, Solar Designer wrote:
> > On 10/5/20 2:48 PM, Solar Designer wrote:
> > > Then there's the trend towards having a desktop-like Linux system on
> > > mobile devices again.  Before Android, we had e.g. Maemo and MeeGo.  Now
> > > we have e.g. Ubuntu Touch, postmarketOS, and Sailfish OS.  As far as I'm
> > > aware, so far this means lack of isolation between the apps just like we
> > > have on the desktop.
>
> BTW, there's a Russian security-hardened fork of Sailfish OS called
> Aurora.  I've skimmed and searched its user's manual (in Russian) for
> any mentions of isolation between the apps - found nothing, so I assume
> there's none.  (This isn't to say they haven't implemented any security
> changes - I think they have.  An interview I read with their CEO
> looked surprisingly reasonable.  However, it appears that addressing
> cross-app attacks is completely out of their focus.)

The release notes for Sailfish OS 4.0.1 include this:

"Contributions from Aurora OS
[...]
Security: Isolation of applications (a.k.a. application sandboxing)
implemented for the platform (core) apps, based on Firejail app
sandboxing."

Alexander