Workspace -- an alternative to AppArmor?

Post by mike acker »

It occurs to me that, Linux being naturally a multi-user system, on the Mint GUI we should be able to create an option whereby a system operator could LOGON under a second User-ID when switching to (e.g.) workspace2.

This would need to be configured in System Options someplace.

When this occurs the second User-ID would get access to a separate set of libraries, which might be highly desirable, as it would tend to prevent various types of scripting or glitches in software objects from improperly accessing data that the first user ID does not want to share.

Thoughts?
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
¡Viva la Resistencia!

Re: Workspace -- an alternative to AppArmor?

Post by xenopeek »

Image

Re: Workspace -- an alternative to AppArmor?

Post by mike acker »

I think the key to thinking about this lies in recognizing that every program the user launches runs under that user's credentials.

Example:

If I launch the File Manager (NEMO) I can access /Documents/Correspondence/
and then read any file I like using any program I like.

If I launch my internet browser the same holds true: I can access anything that belongs to me. But a browser runs scripts. Now from what I read, JavaScript by design can't just read and write on my computer anything except for "cookies", which is all well and good as far as that goes, but what else is going on? Browsers can be hacked, and when they are the hacker is on the loose, running with the user's credentials; i.e. access to anything owned by the user.

Which has led me to create additional user IDs at times. But this is inconvenient, as to use another user ID I have to log out and log back in. I like the workspaces we have here in MINT and it occurred to me that if I could set a switch to tell the system "workspace 2 needs to log on as another user" I can get much better isolation while sacrificing a bit less convenience.
¡Viva la Resistencia!

Re: Workspace -- an alternative to AppArmor?

Post by viking777 »

I can see you are a deep thinker Mike, and with some neat ideas too! I have been looking into a lot of security-based ideas recently, and even made some changes to my filesystems and browsers as a result, but nothing really does what I want it to. Ideas like SELinux and AppArmor are way, way too complicated for anything other than corporate users with sysadmin backup; ideas like Tor are fine if you are a paedophile or a dissident in a country without any concept of free speech, but otherwise are really OTT; but ideas like separate user accounts for separate functions are really much nearer the mark.

I like xenopeek's Qubes recommendation as well. I haven't heard of it before, but unfortunately anything based on virtualisation instantly turns me off. Even though I use VMs occasionally, I have always thought they are dramatically overhyped, a bit like "The Emperor's new clothes", and I would prefer not to use them at all, but I do understand their security potential. I still might have a look at Qubes though.

The only problem with your idea Mike is that I think you would have to tailor the Linux file system permissions from 'ugo' (user, group, others) to 'u1,u2,u3 etc, g1,g2,g3 etc, others' to make it really work, and that might not be too easy and would play havoc with newbies :lol:

Edit: Actually that last sentence is complete rubbish, you can easily accommodate what you suggest with existing group permissions.

Re: Workspace -- an alternative to AppArmor?

Post by mike acker »

I borrowed some of my thinking from the old IBM/MVS: "Multiple, Virtual Systems".

In reality each user who logs on creates his own "VM" to run in, isolated from other users on the system.

Which I think covers the problem of 2 and more users running on a system at the same time rather well. The issue I've been concerned about is the common use of credentials in each user log on: after I log on, every program I launch runs using my log-on credentials.

Which really isn't what you would want when you are dealing with executable documents such as web pages which are loaded with JavaScript and who knows what else, or "modern" documents loaded with VBS, macros, etc. The trouble is: you are sharing your system with the guy who wrote the scripts in those "modern" documents.

Which would lead one to investigate AppArmor or a similar solution.

But in looking at MINT, and using the Workspace option, and thinking ... hmmmmm, Linux is naturally a multi-user system, why could we not have an option to make the 2nd workspace log on as a separate user?

All I'd need to do then is move those directories that I do not want to share to my alternate user ID and then set up a shared directory for passing stuff when that would be needed.

According to what I read, JavaScript is not supposed to let a web author run rampant in a remote client machine. What about corruption though? The first objective in hacking is to "get code execution", i.e. to deliver an unauthorized program change, followed by unauthorized programming, into the victim.

A C program should keep its code and data pages separate and should apply memory protection to code pages. I'm trying to learn more about this. Hopefully Linux doesn't let programmers run code on unprotected pages.
¡Viva la Resistencia!
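
An added example, not part of the original posts: an audit of which files in one account's home a second User-ID could read under the classic user/group/other mode bits, with and without membership in a shared group, as in the shared-directory setup discussed above. The directory layout, file names and the `second_user` uid are constructed for illustration.

```python
import os, stat, tempfile

def _bits(st, uid, gids):
    """rwx triplet (0-7) that applies to this uid/gids for the inode."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def exposed_files(root, uid, gids):
    """Files under root that uid/gids could open for reading (mode bits only;
    ACLs, capabilities and uid 0 are not modelled)."""
    found, stack = [], [root]
    while stack:
        d = stack.pop()
        # x (search) alone lets a user open a file whose name is known.
        if not _bits(os.lstat(d), uid, gids) & 1:
            continue
        with os.scandir(d) as it:
            for e in it:
                st = e.stat(follow_symlinks=False)
                if stat.S_ISDIR(st.st_mode):
                    stack.append(e.path)
                elif stat.S_ISREG(st.st_mode) and _bits(st, uid, gids) & 4:
                    found.append(os.path.relpath(e.path, root))
    return sorted(found)

def build_demo(base):
    """Constructed sample home: (relative path, mode); dirs end with '/'."""
    layout = [("Documents/", 0o700), ("Documents/letter.txt", 0o644),
              ("Shared/", 0o750), ("Shared/handoff.txt", 0o640),
              ("notes.txt", 0o644), ("keys.txt", 0o600)]
    for rel, mode in layout:
        p = os.path.join(base, rel)
        if rel.endswith("/"):
            os.mkdir(p)
        else:
            open(p, "w").close()
        os.chmod(p, mode)
    os.chmod(base, 0o755)
    return os.stat(base).st_uid, os.stat(os.path.join(base, "Shared")).st_gid

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        owner, shared_gid = build_demo(home)
        second_user = owner + 1          # hypothetical second User-ID
        print(exposed_files(home, second_user, set()))
        print(exposed_files(home, second_user, {shared_gid}))
```

The world-readable `letter.txt` stays hidden because its parent directory is mode 0700, while `notes.txt` at the top level is readable by any account until its mode is tightened.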

Re: Workspace -- an alternative to AppArmor?

Post by kurotsugi »

Based on your explanation, VirtualBox might meet your criteria. You can load a barebones Linux with only a DE and a browser to make it as light as possible. You can also use something similar with TAILS, which is built with privacy and security in mind. In the worst-case scenario, when the browser in the VB has been hacked, it can't read anything in your system since they're separated.

Re: Workspace -- an alternative to AppArmor?

Post by Previous1 »

kurotsugi wrote: In the worst-case scenario, when the browser in the VB has been hacked, it can't read anything in your system since they're separated.

Actually they're not, at least if you run the VBox client under the same X-server. It's why some liveCDs recommend not running them from within the OS.