Workspace -- an alternative to AppArmor?

Postby mike acker on Fri Mar 14, 2014 10:12 am

It occurs to me that, Linux being naturally a multi-user system, on the Mint GUI we should be able to create an option whereby a system operator could log on under a second user ID when switching to (e.g.) workspace 2.

This would need to be configured in System Options someplace.

When this occurs the second user ID would get access to a separate set of libraries, which might be highly desirable, as it would tend to prevent various types of scripting or glitches in software objects from improperly accessing data that the first user ID does not want to share.

thoughts?
Home assembled box using ASUS M5A88-M motherboard and AMD Phenom II X4 3.4GHz cpu
mike acker
Level 4
Posts: 342
Joined: Wed Jul 31, 2013 6:29 pm
Location: Kalamazoo, MI

Re: Workspace -- an alternative to AppArmor?

Postby xenopeek on Sat Mar 15, 2014 7:00 am

xenopeek
Level 21
Posts: 14561
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Workspace -- an alternative to AppArmor?

Postby mike acker on Sat Mar 15, 2014 10:31 am

I think the key to thinking about this lies in recognizing that every program the user launches runs under that user's credentials.

Example:

If I launch the File Manager (Nemo) I can access /Documents/Correspondence/
and then read any file I like using any program I like.

If I launch my internet browser the same holds true: I can access anything that belongs to me. But a browser runs scripts. Now from what I read, JavaScript by design can't just read and write anything on my computer except for "cookies", which is all well and good as far as that goes, but what else is going on? Browsers can be hacked, and when they are, the hacker is on the loose, running with the user's credentials, i.e. with access to anything owned by the user.

Which has led me to create additional user IDs at times. But this is inconvenient, as to use another user ID I have to log out and log back in. I like the workspaces we have here in Mint, and it occurred to me that if I could set a switch to tell the system "workspace 2 needs to log on as another user" I could get much better isolation while sacrificing a bit of convenience.

Re: Workspace -- an alternative to AppArmor?

Postby viking777 on Sat Mar 15, 2014 1:15 pm

I can see you are a deep thinker Mike, and with some neat ideas too! I have been looking into a lot of security based ideas recently, and even made some changes to my filesystems and browsers as a result, but nothing really does what I want it to. Ideas like SELinux and AppArmor are way, way too complicated for anything other than corporate users with sysadmin backup; ideas like Tor are fine if you are a paedophile or a dissident in a country without any concept of free speech, but otherwise are really OTT; but ideas like separate user accounts for separate functions are really much nearer the mark.

I like xenopeek's Qubes recommendation as well. I haven't heard of it before, but unfortunately anything based on virtualisation instantly turns me off. Even though I use VMs occasionally, I have always thought they are dramatically over-hyped, a bit like "The Emperor's New Clothes", and I would prefer not to use them at all, but I do understand their security potential. I still might have a look at Qubes though.

The only problem with your idea Mike is that I think you would have to tailor the Linux file system permissions from 'ugo' (user, group, others) to 'u1, u2, u3 etc., g1, g2, g3 etc., others' to make it really work, and that might not be too easy and would play havoc with newbies :lol:

Edit. Actually that last sentence is complete rubbish; you can easily accommodate what you suggest with existing group permissions.
Fujitsu Lifebook AH532. Intel i5 processor, 6Gb ram, Intel HD3000 graphics, Intel Audio/wifi. Realtek RTL8111/8168B Ethernet.Lubuntu 13.10,Ubuntu12.10 (Unity), Mint16 (Cinnamon), Manjaro (Xfce).
viking777
Level 14
Posts: 5153
Joined: Mon Dec 01, 2008 11:21 am
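As an added example (not code from anyone in this thread), the layout viking777's edit refers to, using only ordinary Unix permissions: each user ID keeps its own directories closed to everyone else, and one group-owned directory serves as the hand-over point for "passing stuff". The account names "alice" and "work" and the group name "share" are placeholders; creating accounts and changing ownership needs root, so those steps are shown only as comments, while the permission and audit functions work on any directory the current user owns.

```shell
#!/bin/sh
# Added example, not from the forum thread. Assumptions: two accounts
# ("alice" for everyday use, "work" for the second workspace) and a group
# "share" exist. Root-only setup on a real system would be roughly:
#   groupadd share
#   usermod -aG share alice
#   usermod -aG share work
#   mkdir /srv/share && chown alice:share /srv/share && chmod 2770 /srv/share
set -eu

# Private directory: only the owning user ID can enter, list or write it.
# Nothing running as the other user ID (a hijacked browser, a macro) can read it.
make_private_dir() {
    mkdir -p "$1"
    chmod 700 "$1"
}

# Hand-over directory: members of the group may read and write; the setgid bit
# makes files created inside inherit the group, and "others" get nothing.
make_shared_dir() {
    mkdir -p "$1"
    chmod 2770 "$1"
}

# Permission string for a path, e.g. "drwx------" (first 10 chars of ls -ld).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Audit: print directories directly under a home that grant "others" read
# access. Prints nothing and returns 0 when the home is clean, 1 otherwise.
find_world_readable_dirs() {
    found=$(find "$1" -mindepth 1 -maxdepth 1 -type d -perm -004 2>/dev/null)
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}

# Demo in a throwaway directory: run as  sh layout.sh demo
demo() {
    base=$(mktemp -d)
    make_private_dir "$base/Correspondence"
    make_shared_dir "$base/share"
    mkdir "$base/leaky" && chmod 755 "$base/leaky"
    echo "Correspondence: $(mode_of "$base/Correspondence")"
    echo "share:          $(mode_of "$base/share")"
    echo "world-readable directories under $base:"
    find_world_readable_dirs "$base" || true
    rm -rf "$base"
}

if [ "${1:-}" = "demo" ]; then
    demo
fi
```

The audit function is the part worth keeping around: after moving directories to the alternate user ID, running it over both home directories shows whether anything was left readable by the other account.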

Re: Workspace -- an alternative to AppArmor?

Postby mike acker on Sun Mar 16, 2014 8:07 am

I borrowed some of my thinking from the old IBM MVS: "Multiple Virtual Storage".

In reality each user who logs on creates his own "VM" to run in, isolated from other users on the system.

Which I think covers the problem of two or more users running on a system at the same time rather well. The issue I've been concerned about is the common use of credentials within each user log-on: after I log on, every program I launch runs using my log-on credentials.

Which really isn't what you would want when you are dealing with executable documents such as web pages, which are loaded with JavaScript and who knows what else, or "modern" documents loaded with VBS, macros, etc. The trouble is: you are sharing your system with the guy who wrote the scripts in those "modern" documents.

Which would lead one to investigate AppArmor or a similar solution.

But in looking at Mint, and using the Workspace option, and thinking ......hmmmmm, Linux is naturally a multi-user system; why could we not have an option to make the second workspace log on as a separate user?

All I'd need to do then is move those directories that I do not want to share to my alternate user ID and then set up a shared directory for passing stuff when that would be needed.

According to what I read, JavaScript is not supposed to let a web author run rampant on a remote client machine. What about corruption though? The first objective in hacking is to "get code execution", i.e. to deliver an unauthorized program change, followed by unauthorized programming, into the victim.

A C program should keep its code and data pages separate and should apply memory protection to code pages. I'm trying to learn more about this. Hopefully Linux doesn't let programmers run code on unprotected pages.
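One way to see for yourself whether code and data pages are kept separate on a running Linux process, as an added example that is not from anyone in this thread: the kernel lists every mapping of a process with its permissions in /proc/PID/maps, so a region marked both writable and executable is exactly a page where data could be written and then run. The script below counts and lists such regions; it assumes a Linux system with procfs mounted, and the maps text in the comments is a constructed sample, not captured from a real process.

```shell
#!/bin/sh
# Added example, not from the forum thread. Assumption: Linux with /proc.
# /proc/PID/maps lines look like (constructed sample):
#   00400000-00452000 r-xp 00000000 08:01 1234 /usr/bin/demo   <- code: no 'w'
#   00651000-00652000 rw-p 00051000 08:01 1234 /usr/bin/demo   <- data: no 'x'
#   7f3a00000000-7f3a00021000 rwxp 00000000 00:00 0            <- both: W+X
# Field 2 is the permission string; a healthy process has no 'w' and 'x'
# together on the same line.
set -eu

# Count mappings whose permission field has both 'w' and 'x'.
# Argument: a file in /proc/PID/maps format (live or a saved copy).
count_wx_mappings() {
    awk '$2 ~ /w/ && $2 ~ /x/ { n++ } END { print n + 0 }' "$1"
}

# Print each W+X mapping as: address-range perms backing-file (or [anon]).
list_wx_mappings() {
    awk '$2 ~ /w/ && $2 ~ /x/ { print $1, $2, ($6 == "" ? "[anon]" : $6) }' "$1"
}

# Audit a running process by PID. Returns 0 if clean, 1 if any W+X region
# exists, 2 if the map cannot be read (no permission or not Linux).
audit_pid() {
    maps="/proc/$1/maps"
    if [ ! -r "$maps" ]; then
        echo "cannot read $maps" >&2
        return 2
    fi
    n=$(count_wx_mappings "$maps")
    if [ "$n" -gt 0 ]; then
        echo "PID $1: $n writable+executable mapping(s):"
        list_wx_mappings "$maps"
        return 1
    fi
    echo "PID $1: no writable+executable mappings"
    return 0
}

# Demo on this shell itself:  sh wxaudit.sh demo
# To check a browser instead:  sh wxaudit.sh demo "$(pidof firefox | cut -d' ' -f1)"
if [ "${1:-}" = "demo" ]; then
    audit_pid "${2:-$$}"
fi
```

A plain C program or shell shows no W+X regions, because the toolchain marks code read-only and data non-executable. A JavaScript engine is a legitimate exception: its just-in-time compiler needs to write machine code and then run it, which is one concrete reason a browser is a riskier process than a file manager and a good candidate to run under a second user ID.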

Re: Workspace -- an alternative to AppArmor?

Postby kurotsugi on Sun Mar 16, 2014 8:36 am

Based on your explanation VirtualBox might meet your criteria. You can load a barebones Linux with only a DE and a browser to make it as light as possible. You can also use something similar with TAILS, which is built with privacy and security in mind. In the worst case scenario, when the browser in the VB has been hacked, it can't read anything in your system since they're separated.
kurotsugi
Level 5
Posts: 890
Joined: Fri Jan 25, 2013 3:54 am

Re: Workspace -- an alternative to AppArmor?

Postby Previous1 on Thu Mar 20, 2014 6:28 pm

kurotsugi wrote: in the worst case scenario, when the browser in the VB has been hacked, it can't read anything in your system since they're separated.

Actually they're not, at least if you run the VBox client under the same X server. It's why some live CDs recommend not running them from within the OS.
Arch Linux i3wm, 64bit
Previous1
Level 4
Posts: 366
Joined: Sun Dec 01, 2013 11:48 am
