-
Notifications
You must be signed in to change notification settings - Fork 584
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Question] SkypeforLinux - or General .deb Security #3527
Comments
A .deb can execute scripts while (un)installing, override system binaries, install autostart and systemd-unit files, install suids, ... TLTR: Do not install software you don't trust. Nothing (technical) can help. |
@rusty-snake so would appimages be preferred to be used with Firejail if available (from a security standpoint) ? |
Then the part with the installing is gone, but if you don't trust it it (i.e. you think it has a backdoor) it can escape the sandbox if it want. |
If the appimage has a backdoor and you run it in a tight sandbox firejail profile, can it really escape the sandbox? |
It can use
Or short: if the program you run in the sandbox wants to escape, it can escape. If you don't trust the software you run, use a VM (and even a VM can be escaped). |
Firejail can protect against a) a attack itself (e.g. the malware relies on the systems openssl binary) b) security hole (e.g an attacker can use execve remote, but with firejail's EDIT: That's my opinion, others welcome. Let's have a discussion. |
Firejail can minimize the kernel ABI, but there could still be 0-day exploits, CPU vulnerabilities like Spectre, hardware vulnerabilities like Rowhammer etc. Appimages and snaps only provide a sort of self-contained disk image so access to outside of the image can be limited. If the image contains malicious code, sandboxing can help but it's probably possible to circumvent it depending on the skills and resources of the adversary. @rusty-snake small correction: execve() doesn't depend on shell, maybe you were thinking of system() which does. |
My personal opinion (and what I try to do for software I regularly use) is that whitelisted profiles should always be preferred and the principle of least privilege should apply. Notes:
|
This might be considered a noob question here.
If i use firejail to secure skypeforlinux (or any proprietary .deb file), whats the point to secure it, if its already installed in your system?
Once you install that .deb file, isnt there a slight possibility that any one of those files can "self-execute" or rather skypeforlinux install a backdoor as a service or some other way that in essence firejail will not evidently help before even running the actual app?
How do you know its actually secured when app isnt running?
In this case, are appimages more secure than .deb files to be used with Firejail? (If yes, then i havent found any appimage files for skypeforlinux)
The text was updated successfully, but these errors were encountered: