
BoF: Debian sandboxes for users and developers



Hi !

I wanted to announce that I updated the title and description of my BoF
(scheduled on Friday, 10am) after realizing they weren't very useful to
people who didn't already know what it was about :

  https://debconf18.debconf.org/talks/1-debian-sandboxes-for-users-and-developpers/


Best,

  nicoo

----

This BoF is here to discuss fast, on-demand creation of lightweight (but
secure!) sandboxes. This enables a variety of applications:

- sbuild/pbuilder-style build environments with stronger isolation;
- sandboxing of regular, packaged applications, esp. desktop applications;
- safer, and more isolated, development environments;
- ...

Plainly, we have situations where we run untrusted code (either a large
desktop application exposed to a variety of attack vectors, or we literally
ran `{pip,npm,cargo,whatever} install`) and want to reduce the privileges
this code runs with (i.e. it may not do everything your current user can
do), the harm it can do, and the attack surface towards the rest of the
system.

There are current efforts to address this, like Flatpak and Snap for
desktop applications, and Docker containers for development, but they come
with very severe shortcomings: they all involve some (unspecified) upstream
shipping a complete chroot-like image, which is a return, in a sense, to
static linking (or at least it has all the same issues as far as security
support is concerned). Moreover, Docker isn't designed as a security
boundary, and as such fails to provide strong isolation and security.


We can however be inspired by those efforts, and take advantage of the
support they introduced in various upstream projects: what if, when a user
starts LibreOffice (or enters their code directory), we could install the
necessary packages into a fresh environment, fast enough, and start the
application (or subshell) in a sandbox?

We could get the security and privacy benefits of those technologies
(prompting users before enabling webcam, only granting access to
explicitly-requested files, stopping random code from the Internet from
riffling through your ~/.gnupg), but still use software packaged in Debian,
with all the ensuing goodness (security support, DFSG-freedom, ...).
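As an added illustration of that last point (not part of the BoF announcement nor of any Debian tool), here is a small wrapper that runs an untrusted command such as `pip install` with only the explicitly requested project directory visible, so the real home directory and ~/.gnupg are simply absent inside the sandbox; it assumes the `bwrap` binary from the bubblewrap package is installed, and the project path in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example, not from the BoF announcement: run an untrusted command such
# as `pip install` inside a bubblewrap (bwrap) sandbox that sees a read-only
# view of the Debian-packaged base system plus ONE explicitly requested
# directory, and nothing from the real home directory (so ~/.gnupg is absent).
# Assumes the bwrap binary from the Debian bubblewrap package is installed.
set -eu

# Print the bwrap option list for sandboxing PROJECT_DIR, one option per line.
sandbox_args() {
    project="$1"
    # Read-only view of the packaged software; merged-/usr style symlinks so
    # /bin/sh and the dynamic loader resolve inside the sandbox.
    printf '%s\n' --ro-bind /usr /usr --ro-bind /etc /etc \
        --symlink usr/lib /lib --symlink usr/lib64 /lib64 --symlink usr/bin /bin
    # Fresh /proc, minimal /dev and a private /tmp: the host's /home, /root,
    # /var and /tmp are never mapped into the sandbox's mount namespace.
    printf '%s\n' --proc /proc --dev /dev --tmpfs /tmp
    # The only writable, explicitly granted path, mounted at its usual location.
    printf '%s\n' --bind "$project" "$project" --chdir "$project"
    # New user/pid/ipc/uts/cgroup/mount namespaces; the network stays shared so
    # the package download still works. The sandbox dies with its parent and
    # gets a new session, so it cannot push keystrokes into the caller's tty.
    printf '%s\n' --unshare-all --share-net --die-with-parent --new-session
}

# run_sandboxed PROJECT_DIR COMMAND [ARGS...]
# Paths containing whitespace are not supported by this simple wrapper.
run_sandboxed() {
    project="$1"; shift
    # shellcheck disable=SC2046
    bwrap $(sandbox_args "$project") -- "$@"
}

# Returns 0 when, inside the sandbox, neither $HOME/.gnupg nor /home exists.
sandbox_hides_home() {
    run_sandboxed "$1" sh -c 'test ! -e "$HOME/.gnupg" && test ! -e /home'
}

# Usage (hypothetical project path): install a project's dependencies into a
# venv under the project directory, which is all the setup code gets to see:
#   run_sandboxed "$HOME/src/myproject" \
#       sh -c 'python3 -m venv .venv && .venv/bin/pip install -r requirements.txt'
```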
