Subj : Re: NetBSD 10
To   : Gamgee
From : Arelor
Date : Wed Apr 03 2024 03:16:36

Re: Re: NetBSD 10
By: Gamgee to Arelor on Tue Apr 02 2024 08:20 pm

> Ar> 5) Their sandboxing frameworks are much simpler to understand and
> Ar> blow Linux equivalents out of the water for applications in small
> Ar> deployments.
>
> Okay, but not something I use/need.

I personally think a modern, usable framework for privilege separation and access permissions for programs is overdue in vanilla Linux. It is a basic feature nowadays that works automagically on stuff like Android.

On OpenBSD, firefox installs get sandboxed by default. You are guaranteed firefox won't make any system call a web browser is not supposed to make and you are guaranteed it won't try and access files out of its sandbox. This is the _default_ configuration in OpenBSD and requires no effort. You just pkg_add your firefox and you get a jailed web browser.

This is how it should work in Linux and this is what they are trying to accomplish in Linux with mixed results. The Linux approach is to either use packaging that includes sandboxing (such as flatpak) or to use some mandatory access framework (such as AppArmor). Stuff like flatpak suffers because they usually give too much access to the programs they are running - like they go and create a sandbox which includes all of your $home in [!!!]. SELinux will make your head hurt very badly. AppArmor is fine but requires you to load an apparmor profile for your applications, and the profiles included with distributions are either too limited or outright broken.

Linux distributors have this idea that they ought to have proper privilege separation for programs but they still don't get it quite right. You can eventually sandbox your stuff properly but it hits the "too effort intensive" mark very fast.

--
gopher://gopher.richardfalken.com/1/richardfalken

--- SBBSecho 3.20-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (21:2/138)
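The post's point about a browser that "won't make any system call a web browser is not supposed to make" is what OpenBSD's pledge(2) gives a program by declaring the syscall classes it needs. On vanilla Linux the closest primitive is a seccomp-BPF filter, which is the low-level mechanism that Flatpak and browser sandboxes build on. The following C program is an added example written for this page, not code from the post, from OpenBSD or from any Linux distribution. It assumes a Linux kernel with seccomp filter support on x86_64 or aarch64, denies a single syscall (mkdirat, chosen here only as a stand-in for "something this program never needs"), and runs the probe in a forked child so the parent can observe whether the kernel killed the child with SIGSYS:

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Older headers lack this constant; the value is the kernel's. */
#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

/* A filter must check the architecture first, otherwise a syscall number
 * from a different ABI could be mistaken for an allowed one. */
#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

/* Install a deny-list filter: any attempt to call mkdirat kills the process.
 * (A real browser sandbox is an allow-list; a deny-list keeps the example short.)
 * Returns 0 on success, -1 if the kernel refused the filter. */
static int install_filter(void)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),   /* wrong arch */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_mkdirat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),   /* forbidden */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),          /* everything else */
    };
    struct sock_fprog prog = {
        .len = sizeof insns / sizeof insns[0],
        .filter = insns,
    };
    /* Required before an unprivileged process may install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
    return 0;
}

/* Fork, sandbox the child, and have it do either permitted work or the
 * forbidden syscall. Returns 1 if the child was killed by SIGSYS (the
 * sandbox fired), 0 if it finished normally, -1 on any other outcome. */
int probe_sandbox(int attempt_forbidden)
{
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_filter() != 0) _exit(2);
        if (attempt_forbidden) {
            /* Raw syscall so the libc wrapper cannot pick a different number.
             * "sandbox_probe_dir" is a constructed name; it is never created. */
            syscall(__NR_mkdirat, AT_FDCWD, "sandbox_probe_dir", 0700);
            _exit(3); /* only reached if the filter did not fire */
        }
        (void)getpid(); /* permitted: not on the deny list */
        _exit(0);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSYS) return 1;
    if (WIFEXITED(status) && WEXITSTATUS(status) == 0) return 0;
    return -1;
}

int main(void)
{
    printf("permitted work in sandbox : %d (expect 0)\n", probe_sandbox(0));
    printf("forbidden syscall in sandbox: %d (expect 1)\n", probe_sandbox(1));
    return 0;
}
```

Compared with pledge(2), the difference the post is complaining about is visible here: the OpenBSD program states what it needs in one call ("stdio rpath"), whereas on Linux the policy is a hand-written BPF program that must get the architecture check and every syscall number right, which is why distributions ship the policy in a package or a profile rather than expecting each application to carry it.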