I am reading a lot about this currently. Basically: - podman, flatpak, some Browsers use user namespaces to isolate activities from the main system - they are widely used as a security measurement - on Linux Flatpak uses them, as bubblewrap creates new user namespaces for each application - Flatpakked browsers cant use user namespaces themselves, as this is not compatible with flatpak. So their security especially in Chromium is reduced. But that is as far as I go. The hardened Linux Kernel disables user namespaces. There is bubblewrap-suid which avoids using user namespaces. Unflatpakked browsers are more secure as they can use their builtin sandbox to do things like tab isolation. But does this even work when user namespaces are disabled, or does this also break sandboxing? Are user namespaces secure, is not using them even worse, what are hidden implications? I also read that firejail runs as root, so if it has a security hole the sandboxed program can get root privileges. Isnt that the same with bubblewrap-suid ?
  • Max-P@lemmy.max-p.me
    4·
    1 year ago

    There’s historically been some privilege escalations, such as https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32233

    But at the same time, they do offer increased security when they work correctly. It’s like saying we shouldn’t use virtualization anymore because historically some virtual devices have been exploitable in a way that you could escape the VM. Or lately, Spectre/Meltdown. Or a bit of an older one, Rowhammer.

    Sometimes, security measures open a hole while closing many others. That’s how software works unfortunately, especially in something as complex as the Linux kernel.

    Using namespaces and keeping your system up to date is the best you can do as a user. Or maybe add a layer of VM. But no solution is foolproof, if you really need that much security use multiple devices, ideally airgapped ones whenever possible.

    • Pantherina@feddit.deOP
      1·
      1 year ago

      Thanks. But is not using user namespaces just as bad as having no isolation, or can bubblewrap-suid or even Browsers isolate anyways?

      Because thats what makes me curious, does removing them for security make the system less secure?