bug#43770: closed (Geeks think securely: VM per Package (trustless state to devs and their apps))

[GNU bug Tracking System]

Your message dated Mon, 05 Oct 2020 16:00:55 +0200
with message-id <87zh50wz54.fsf@gnu.org>
and subject line Re: bug#43770: Geeks think securely: VM per Package (trustless 
state to devs and their apps)
has caused the debbugs.gnu.org bug report #43770,
regarding Geeks think securely: VM per Package (trustless state to devs and 
their apps)
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
43770: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=43770
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems
> --- Begin Message ---
>
>
>
> Subject: 
>
> Geeks think securely: VM per Package (trustless state to devs and their apps)
>
>
>
>
> Date: 
>
> Fri, 2 Oct 2020 18:01:18 +0000
>
>
>
>
> Hi There,
>
> If we look at current state of packages running inside GNU distros they 
> are in very insecure shape which is either they are installed without 
> sandboxing because the distro doesnt even provide that or no profiles 
> exist for the sandboxing feature and has issues e.g:
>
> - Sandboxing can be made through MAC (apparmor,selinux) or Using 
> Namespaces (firejail,bubblewrap) But the problem with using these 
> features it needs a defined/preconfigured profile for each package in 
> order to use them thus making almost impossible case to be applied on 
> every package in real bases. (unless a policy which saying no package is 
> allowed without coming with its own MAC profile, but thats as well has 
> another issue when using third party packages...)
>
> - Containers are like OS, and to use it within another OS is like OS in 
> OS i find it crazy and not just that the way that the package gets 
> upgraded is not reliable to be secure so this wont solve our issue as well.
>
> To solve this mess, is to use virtualization method and to make that 
> happen is to put each package in a VM by itself means the package gonna 
> use the system resources without being able maliciously gain 
> anything.This provide less trust to developers and their code running 
> within the system.
>
> one of the greatest design made in our time towards security is 
> GNU/Linux Qubes OS, it uses OS per VM and has VM to VM 
> communication...etc i highly recommend reading their design to take some 
> ideas from it:
>
> https://www.qubes-os.org/doc/
>
> Useful refer:
>
> https://wiki.debian.org/UntrustedDebs
> https://blog.invisiblethings.org/papers/2015/state_harmful.pdf
>
> ThX!
>
>
>
> --- End Message ---
> --- Begin Message ---
>
>
>
> Subject: 
>
> Re: bug#43770: Geeks think securely: VM per Package (trustless state to devs and their apps)
>
>
>
>
> Date: 
>
> Mon, 05 Oct 2020 16:00:55 +0200
>
>
>
>
> User-agent: 
>
> Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
>
>
>
>
> Hi,
>
> bo0od <bo0od@riseup.net> skribis:
>
> > Actually what i wanted to say but seems i missed it, This security
> > design can be engineered and implemented when Guixsd released based on 
> > GNU-Hurd Kernel. Because its going to be totally new kernel and having
> > this feature is without question the best security feature for the 
> > future of security within operating systems.
> >
> > Otherwise we gonna fall into the same cycle of trust to outside
> > package developers and their codes without preventive mechanism
> > against if its malicious one.
> >
> > If you mean the bug report is not the place for this request, then i
> > dont know where because i already discussed it in the IRC channel.(if 
> > there is somewhere else i can report this just tell me)
>
> It’s great to share your views of what you think should be done from a
> security standpoint.  There’s little more we contributors can say other
> than: yes, we agree, we’re working in this direction, and it’s going to
> be a long journey.
>
> What could help though is if people like you come and join us on that
> journey.  I very much encourage you to play with Guix System and in
> particular with the “childhurd” service that has recently landed and
> should be of interest to you.
>
> For now I’m closing the bug because as Ricardo wrote, it’s not a bug
> report per se.
>
> Thank you,
> Ludo’.
>
>
> --- End Message ---