Linux security no longer a non-trivial issue?

runbei
Level 3
Posts: 168
Joined: Fri Jul 25, 2008 12:49 am
Location: Mountain View, CA

Linux security no longer a non-trivial issue?

Post by runbei » Fri Dec 12, 2014 5:04 pm

After reading about the Turla Trojan on Linux, I'm concerned. Particularly eye-opening is the fact that the X system is apparently horribly insecure.

See this PC World article: http://www.pcworld.com/article/2859122/ ... it-is.html

I would surely love to see a step-by-step article on locking down a Mint main edition system to block these threats.

Also, do the Mint developers plan to replace X, as Ubuntu appears to be doing with Mir? Here's a cut from the PC World article:

X.org has security issues going back 20+ years

Late last year, we learned there are a huge list of security vulnerabilities in the X.org graphical server and its libraries. Some of these security holes have been around for more than 20 years. The researcher who discovered these holes said X.org security was a disaster, and “it’s worse than it looks.”

This week, many of these security vulnerabilities were made public knowledge. Your Linux distribution should be rolling out security updates for your X.org server and proprietary NVIDIA driver shortly, if it hasn’t already. But, even after these patches, X.org security still doesn’t inspire much confidence.

X.org is such a big problem because it’s based on the X11 architecture, which originated 30 years ago. Thankfully, new graphical server technologies like Wayland and Ubuntu’s Mir are about to take X.org’s place.

Edward M. Grant
Level 1
Posts: 44
Joined: Sun Feb 16, 2014 7:03 pm
Location: Canada

Re: Linux security no longer a non-trivial issue?

Post by Edward M. Grant » Fri Dec 12, 2014 10:24 pm

1. Don't install trojans.
2. Exploiting X bugs usually means that the code performing the exploit is already running on your machine, so your machine is already toast.
3. Wayland and Mir are sure to have exciting new security holes.

Mute Ant
Level 14
Posts: 5135
Joined: Tue Sep 03, 2013 7:45 pm
Location: Norfolk UK

Re: Linux security no longer a non-trivial issue?

Post by Mute Ant » Fri Dec 12, 2014 11:18 pm

Here are testable facts, and fixes...
http://www.x.org/wiki/Development/Secur ... 014-12-09/
...they are not complicated...someone skipped elementary software procedure, like input-sanitisation, boundary checks, overflow/carry tests. So X bravely tries to display a 16GiB wallpaper and crashes, that sort of thing.
While you're waiting, read the free novel we sent you. It's a Spanish story about a guy named "manual".
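The kind of skipped overflow and boundary check the post above describes, as an added C example that is not part of any post in this thread and is not X.org code. The `image_req` structure, the 64 MiB limit and both function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed request header, not X.org's wire format. */
struct image_req {
    uint32_t width, height;  /* pixels, client-controlled */
    uint32_t bpp;            /* bytes per pixel, client-controlled */
    uint32_t data_len;       /* bytes of pixel data actually received */
};

#define MAX_IMAGE_BYTES (64u * 1024u * 1024u)  /* assumed policy limit */

/* Unchecked: the 32-bit product wraps, so a huge image looks tiny. */
uint32_t size_unchecked(const struct image_req *r) {
    return r->width * r->height * r->bpp;
}

/* Checked: 0 and *out set on success, -1 if the request must be rejected. */
int size_checked(const struct image_req *r, size_t *out) {
    uint64_t n;
    if (r->width == 0 || r->height == 0 || r->bpp == 0 || r->bpp > 4)
        return -1;                        /* input sanitisation */
    n = (uint64_t)r->width * r->height;   /* two 32-bit values fit in 64 bits */
    if (n > MAX_IMAGE_BYTES / r->bpp)
        return -1;                        /* overflow test and size limit */
    n *= r->bpp;
    if (n != r->data_len)
        return -1;                        /* boundary check against real data */
    *out = (size_t)n;
    return 0;
}

int main(void) {
    /* Constructed input: 65536 x 65536 x 4 bytes = 16 GiB. */
    struct image_req big = { 65536u, 65536u, 4u, 0u };
    size_t n = 0;
    printf("unchecked size: %u bytes\n", (unsigned)size_unchecked(&big));
    printf("checked: %s\n", size_checked(&big, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```
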

monkeyboy
Level 5
Posts: 791
Joined: Mon Oct 13, 2008 11:30 am

Re: Linux security no longer a non-trivial issue?

Post by monkeyboy » Fri Dec 12, 2014 11:36 pm

I always ask myself how many people do I know who have gotten burned and then act accordingly. Happily I haven't seen big/any numbers on this threat yet and the local user group is clean too.
If you don't like it, make something better
If you can't make something better, adapt
If you can't do either ball your panties up and cry.

Complaining is like masticating most anyone can do it.
However doing it in public is really hardcore.

WharfRat
Level 21
Posts: 13159
Joined: Thu Apr 07, 2011 8:15 pm

Re: Linux security no longer a non-trivial issue?

Post by WharfRat » Sat Dec 13, 2014 12:54 am

I'm sure more and more exploits will be discovered soon and made public.

For the really paranoid, you can compile the kernel with PaX and Grsecurity.

http://www.insanitybit.com/2012/05/31/c ... rsecurity/

Another alternative is Hardened Gentoo.

http://wiki.gentoo.org/wiki/Hardened/In ... ned_Gentoo

Another trick, while you're incorporating PaX or compiling Hardened Gentoo's kernel, is to change all module options to built-in and disable loadable module support.

Good luck :wink:
