Idea #19918: Some otherwise good apps aren't terribly secure/privacy aware.

Written by r0g the 19 May 09 at 23:49. Related project: Nautilus. Status: New
Rationale
In short, can we provide extra security/privacy for our data despite wanting/needing to use insecure apps?

Linux permissions do a good job of automatically protecting core system files from change but data privacy/security seems to be predicated on an assumption of userspace security which is generally unrealistic. At the same time for many people losing the privacy of their data can be far worse than losing their OS install or hardware. For example in my case...

I have some applications which I love but which aren't written with security in mind. The main one I'm thinking of here is FileZilla, which stores all usernames and passwords as plain text, but many other apps simply assume their environment will always remain private. One of the MAIN REASONS I switched to a Linux-based system was to get a bit more security, as since I became a web developer a few years back I have started to accumulate LOTS of other people's web hosting credentials. This is valuable booty to some miscreants and I guess it has been standard hacker practice to scan for unencrypted ftp/ssh credentials since time immemorial, but I am troubled to hear many worms and trojans now do the same as a matter of course and I would like an extra line of defense against this.

There are lots of encryption solutions, some of which I already use such as truecrypt but these don't really hit the spot as once a volume is mounted it can be read by any user/process. This means that any intrusion into my user space (say from a browser bug) while I have a truecrypt volume mounted might trivially compromise all my most private data. I'm sure we have the technology to protect against this.

Note: Please do not reply Ubuntu is secure enough already or vote this down because 'Ubuntu does not get viruses'. *nix is only that way because developers were sensible enough to take precautions before there were widespread problems. Nothing is infallible and the one thing worse than a total lack of security is a false sense of security!

46 votes
Solution #1: Encrypted Applications.
Written by r0g the 19 May 09 at 23:49.
What I would like is a way of installing/launching an app in its own little encrypted file system bubble so all its settings are always encrypted and ONLY THAT SPECIFIC PROCESS can read and write to it. In essence this would be like a small truecrypt volume tied to a specific PID. Obviously it would require a key to be input from somewhere, so maybe this could be kept on a keyring protected by your admin password or simply based off a very hefty hash of your admin password.

I'm pretty sure all the tricky technicals are already in place (loopback, encrypted and union file systems, access control lists, keyring); it would just need munging together and integrating into the desktop/file browser with a nice simple interface suitable for mere humans like myself :-)
27 votes
Solution #2: Make it possible to encrypt files with the wallet.
Written by Lachu the 20 May 09 at 06:24.
The wallet should have an API to generate keys for configuration file/document encryption. Applications should use the wallet API to operate on these files. It allows us, for example, to import settings from one application into another. It may only require opening the keyring and accepting that another application has access to a specific key. The user can also decline to encrypt some files.
14 votes
Solution #3: Integrate gnome-keyring/kwallet with more applications
Written by Zanko the 2 Jun 09 at 21:40.
The job of storing credentials belongs to gnome-keyring (or kwallet in KDE), but many applications don't use it (Pidgin, Firefox...). Using gnome-keyring means having credentials stored in one single place and encrypted.

Firefox for example has its own way of storing credentials, with its own master password system; however, an addon (which probably needs to be improved as it seems buggy) is available (https://addons.mozilla.org/en-US/firefox/addon/8737) and could be provided by default.

Other applications should be patched to use it.

Applications that don't want to be tied to gnome-keyring or kwallet (like Pidgin, which stores passwords in plain text because it wants to be portable to OS X and Windows) can use PPassKeeper, a library which provides an abstraction layer for these tools and stores passwords in plain text only if they're not available.
2 votes
Solution #4: Use selinux
Written by Lachu the 15 Sep 09 at 10:11.
Use selinux to achieve this.

Comments
vantrax (Idea reviewer) wrote on the 20 May 09 at 01:36
Nice idea, kinda like the sandbox maneuver that Chrome/Chromium uses. It would be nice to see that applied to other net based apps.

r0g wrote on the 20 May 09 at 02:50
Thanks vantrax. I'd like to see some better linux sandboxing too, something with better security than chroot (which has never been recommended for security use anyway) and less overhead than a full VM.

In some senses this is the exact opposite but complementary idea, an inverted sandbox if you will. Rather than keeping one process from changing the rest of your system it is about keeping the rest of your system from seeing inside one process. They're quite similar ideas that would share base technologies so hopefully someone who can create one could also create the other.

I really have no idea how hard it would be to get going, it might be as simple as a bash script or there might be hurdles I haven't considered. Maybe when I get a chance I'll look into it :-)

OpenNingia wrote on the 20 May 09 at 10:22
The Chrome sandbox idea is different, it prevents Chrome features from accessing resources outside the sandbox. (But you can access the sandboxed filesystem from outside, i.e. from a file manager.)

What r0g is asking for is essentially the opposite, a sandbox accessible by the application only.

Am I wrong?

dino wrote on the 20 May 09 at 17:09
Saving passwords etc - isn't that what gnome-keyring is for, doing exactly that?

For the rest and a more general solution I think selinux is the way to go.

papukaija wrote on the 20 May 09 at 19:23
With Ubuntu 9.10 it should be possible to create an encrypted /home partition.

r0g wrote on the 22 May 09 at 22:51
OpenNingia - Yes, exactly that. An encrypted home partition won't help in the situation I am thinking of, as the filesystem is unencrypted from a userspace perspective; it's only useful when the owner isn't logged in. Any malicious code that makes it into userspace can read data from the encrypted filesystem; what I envisage is an extra level of protection on top of that.

SElinux might help, but only by preventing userspace invasions happening in the first place. What I want is a small encrypted chunk of filesystem that only a single process can read and write which requires extra credentials over and above the normal user - a bit like firefox's master password, but for apps that don't include that functionality by default.

sf_007 wrote on the 29 May 09 at 01:04
Very good idea.
