Written by r0g the 19 May 09 at 23:49.
Related project: Nautilus.
Status: New
Rationale
In short, can we provide extra security/privacy for our data despite wanting/needing to use insecure apps?
Linux permissions do a good job of automatically protecting core system files from change but data privacy/security seems to be predicated on an assumption of userspace security which is generally unrealistic. At the same time for many people losing the privacy of their data can be far worse than losing their OS install or hardware. For example in my case...
I have some applications which I love but which aren't written with security in mind. The main one I'm thinking of here is FileZilla, which stores all usernames and passwords as plain text, but many other apps simply assume their environment will always remain private. One of the MAIN REASONS I switched to a Linux based system was to get a bit more security, as since I became a web developer a few years back I have started to accumulate LOTS of other people's web hosting credentials. This is valuable booty to some miscreants and I guess it has been standard hacker practice to scan for unencrypted ftp/ssh credentials since time immemorial, but I am troubled to hear many worms and trojans now do the same as a matter of course and I would like an extra line of defense against this.
There are lots of encryption solutions, some of which I already use such as TrueCrypt, but these don't really hit the spot as once a volume is mounted it can be read by any user/process. This means that any intrusion into my user space (say from a browser bug) while I have a TrueCrypt volume mounted might trivially compromise all my most private data. I'm sure we have the technology to protect against this.
Note: Please do not reply Ubuntu is secure enough already or vote this down because 'Ubuntu does not get viruses'. *nix is only that way because developers were sensible enough to take precautions before there were widespread problems. Nothing is infallible and the one thing worse than a total lack of security is a false sense of security!
Thanks vantrax. I'd like to see some better Linux sandboxing too, something with better security than chroot (which has never been recommended for security use anyway) and less overhead than a full VM.
In some senses this is the exact opposite but complementary idea, an inverted sandbox if you will. Rather than keeping one process from changing the rest of your system it is about keeping the rest of your system from seeing inside one process. They're quite similar ideas that would share base technologies so hopefully someone who can create one could also create the other.
I really have no idea how hard it would be to get going, it might be as simple as a bash script or there might be hurdles I haven't considered. Maybe when I get a chance I'll look into it :-)
The Chrome sandbox idea is different: it prevents Chrome features from accessing resources outside the sandbox. (But you can access the sandboxed filesystem from outside, i.e. from a file manager.)
What r0g is asking for is essentially the opposite: a sandbox accessible only by the application.
OpenNingia - Yes, exactly that. An encrypted home partition won't help in the situation I am thinking of, as the filesystem is unencrypted from a userspace perspective; it's only useful when the owner isn't logged in. Any malicious code that makes it into userspace can read data from the encrypted filesystem. What I envisage is an extra level of protection on top of that.
SELinux might help, but only by preventing userspace invasions happening in the first place. What I want is a small encrypted chunk of filesystem that only a single process can read and write, and which requires extra credentials over and above the normal user - a bit like Firefox's master password, but for apps that don't include that functionality by default.