Fixing the Desktop Linux Security Model

Patrick · March 28, 2020, 8:39am

madaidan via Whonix Forum:

Patrick:

Also the functionality of systemd core, the drop-in config functionality and its success (distribution adaption) doesn’t make it look incompetent at all.

Most distributions don’t care for security so that’s not a good indicator.

And security-fussed distributions are also using systemd or don’t exist.

We could probably even create our own init with compatible syntax with systemd if you want.

The main issue is this one:

Then also distributions that went non-systemd such as Devuan. That
doesn’t look easy at all.

And then there were also a lot people working on that.

I don’t see any reason to pick on the init system as there’s a lot
things which arguably could use a rewrite:

Due to this it’s hard to pick which projects to reinvent. Then also
project resources are very scare. Therefore I cannot take up tons of
complex projects.

Issues mentioned in this thread are also ambitious to say the least. I
am also convinced it doesn’t make sense to debate priorities since these
debates are to complex and endless. There’s always an argument which
trumps other arguments.

I guess it’s about to define what I can do with the Whonix project.
There’s things I am good at and things where I am not good at. For now,
certainly I cannot become upstream for tons of new packages and/or
significant amount of C / assembler code.

research and implementation project
take existing components available from Debian, rare exceptions
reconfigure for anonymity/privacy/security according to research results
use things which are already documented elsewhere and feasible to
implement
no huge architectural changes such as recompilation of packages from
Debian / don’t replace systemd
if there’s a more secure base distribution, worthwhile, suitable for
re-basing, rebase to it

Patrick:

In comparison to Android, the people who reported http://cloak-and-dagger.org, judging by the timeline also didn’t seem to be happy with Google’s way to handle the security vulerability.

I don’t see why you’re comparing it to android.

Because suggestions originate from Daniel Micay who works on GrapheneOS
which is Android based. He has a point in his analysis and there’s lots
of other valid points here too, but I still think it’s not feasible to
address them all at once since there’s always another argument around
the corner invalidating the whole design.

Patrick:

Pwnie Awards are plenty as per Pwnie Awards - Wikipedia Debian was also on the list

Debian’s was because of a mistake. It isn’t the same and we’ve already talked about replacing Debian.

Debian as far I know didn’t apply any organization or policy level fixes
which would prevent such an issue in future.