HackerLangs
TopNewTrendsCommentsPastAskShowJobs

Bu9818

no profile record

comments

Bu9818
·2 lata temu·discuss
>namespaces (which have been a frequent source of vulnerabilities)...

Unprivileged user namespaces sure, but I don't think that applies to namespaces in general (which without unprivileged user namespaces can only be created by root, and LPE is the concern with unprivileged userns due to increased attack surface). systemd doesn't need unprivileged userns to run.
Bu9818
·2 lata temu·discuss
Yeah I was wrong about that, I confused it with socket-activation passing. The systemd-side socket is available from the process.
Bu9818
·2 lata temu·discuss
Services may be in a different mount namespace from systemd for sandboxing or other reasons (also means you have to worry about filesystem permissions I suppose). Passing an fd from the parent (systemd) is a nice direct channel between the processes
Bu9818
·3 lata temu·discuss
>Honest question: why does this matter? If you end up with running malware as your user haven't you already "lost" in any of a wide variety of ways that Wayland does nothing against?

The security benefits of wayland are useful when you're also using other things like namespaces/seccomp (with bubblewrap/flatpak), and pipewire which I believe has a similar access control mechanism.

>Or is it that Wayland is trying to bring the mobile security model to the desktop with partially untrusted apps?

I trust my programs, but they can have bugs when parsing untrusted content. (ffmpeg, browsers). Although I've never been hacked, I'd like my systems to have defenses against this (without going full mobile security mode and giving up functionality and user freedom, or running everything in inconvenient isolated boxes with VMs).

Also, I'm not sure if I'd trust proprietary games, so preventing them from doing naive things (I don't expect them to exploit kernel vulns) like snooping on files by using namespaces is nice.
Bu9818
·3 lata temu·discuss
Yup, or with your own scripts managing bwrap and security-context if not using a DE/Flatpak.
Bu9818
·3 lata temu·discuss
For good, functionality-related reasons at the time[0], and everyone in the Wayland space had been using the mesa library except nvidia with their own proprietary libgl.

[0]: https://github.com/swaywm/sway/issues/490#issuecomment-47174...