Idea #4333: Fully Utilize AppArmor/SELinux on default desktop for all applications

Written by gQuigs the 12 Mar 08 at 04:42. Category: Security. Related project: Nothing/Others. Status: New
Rationale
I believe we need to be proactive about the security of our systems. Also, I think Fedora fully uses SELinux for all of their default desktop applications.

Security should not be an add-on after the fact. We also should endeavor to make sure people's first reaction is not to turn it off. Fedora has failed at that with SELinux; many guides have that as their first step after installing.

This would also require a GUI for notifying a user of a security breach (and allowing them to allow it?)

102 votes
Solution #1: Auto-generated solution of idea #4333
Written by gQuigs the 12 Mar 08 at 04:42.
Ubuntu Brainstorm was updated in January 2009. Since the idea #4333 was submitted before this update, its rationale and solution are not separated. Please vote accordingly, and if you have the necessary rights, please separate the rationale from the solution. Thanks!

Comments
XSP wrote on the 12 Mar 08 at 05:09
I'm a conspiracy theorist. Anything the NSA does has to be evil. :)

Seriously though, it's a wonderful idea. I just worry that your average user wouldn't even understand what it is and as a lot of people aren't inclined to learn about their system, it would leave them confused. It's a shame that something that makes your system incredibly safe is overlooked often for ease of use. Flask should be implemented on all operating systems, and by all I mean that Microsoft needs to get their act together.

FreeBSD, OS X (via Darwin), and Solaris have all adopted implementations of Flask and that was probably my favorite default feature in Fedora Core. Security should be concern number one.

cheesehead (Brainstorm admin) wrote on the 12 Mar 08 at 08:58
Let's see, the ports are closed by default, frequent background security updates, immune to Outlook viruses, prompts for admin password before installing anything, permissions hierarchy prevents programs from running amok, AppArmor. Yeah, I can see your point that nobody has paid attention to security in the last 40 years.

Improve the existing tools, which are plentiful and adequate. No new layers.

No technology will fully defend from that rich fellow in Nigeria or other social viruses...

My mother doesn't want to see security pop-ups, and won't know what to do with them. Don't scare her.

Xan wrote on the 14 Mar 08 at 19:50
Related to http://brainstorm.ubuntu.com/idea/2049/

Eldmannen wrote on the 21 Mar 08 at 00:31
SE-Linux is too complicated for mortals.

gQuigs wrote on the 27 Mar 08 at 04:26
Let me just add this. We have the code to ALL the applications. We should be able to implement this WITHOUT breaking anything!

asimon wrote on the 24 May 08 at 11:00
The typical user should not need to understand selinux at all, just as the typical user doesn't need to know how the internet works, what the kernel does, or how their cpu works.

The typical user should not need to write selinux policies at all. It's the job of the distro, to ship the best policies possible (Fedora does an awesome job in this).

And if there is really ever the need to write new rules, there are convenient tools like audit4rule. It just needs a nice GUI.

Security should never be optional; this holds true for the desktop too, which holds a lot of personal data.