I found this really old blog post and it still applies today.

We don’t really have antiviruses, and thats nice. But we have a huge monolithic kernel, we have random executable files all over the filesystem, we have systems that to this day often dont even update without elevated privileges.

Android took Linux and fixed it, long ago. You dont even have root! Their app ecosystem is often very restricted by design though, as its a phone OS.

Desktop Linux needs to get more secure, compartimentalized, perfectly usable

  • without sudo privileges
  • without apps having read/write access everywhere
  • without X.Org
  • with portals, control, Wayland, Pipewire, Flatpak
  • with a split up kernel, drivers in userspace, adapted to the actual hardware you are running
  • with as much hardening applied as possible to simply shut off everything you dont need.

I guess there are many great projects out there that try to create exactly such a system

  • musl, busybox
  • RedoxOS
  • hardened_malloc, *BSD software

Can you recommend more software that is secure by design? The blog author mentioned Postfix.

  • MNByChoice
    link
    fedilink
    arrow-up
    21
    ·
    10 months ago

    I disagree with the premise that Android is Linux “fixed”. Sudo is a bridge for privilege compartmentalization. There is root on Android.

    And for many of those points there is a solution, but not one many want to use. SELinux is poorly document and has a bad reputation, but does work. File systems can be mounted as to not execute anything on them.

    Good topic idea though, I just disagree with the specific examples.