Ubuntu and CentOS Are Undoing a GNOME Security Feature

An anonymous reader writes: Current versions of Ubuntu and CentOS are disabling a security feature that was added to the GNOME desktop environment last year. The feature's name is Bubblewrap, which is a sandbox environment that the GNOME Project added to secure GNOME's thumbnail parsers in July 2017, with the release of GNOME 3.26. In recent years, security researchers have proven that thumbnail parses can be an attack vector [1, 2, 3].

Ubuntu Security Tech Lead Alex Murray said the Ubuntu team chose to disable Bubblewrap inside Ubuntu because they did not have the time to perform a security audit. Murray blamed the many CPU bugs (Spectre, Meltdown, etc.), which kept the team busy and prevented them to audit the feature.

The feature isn't called bubblewrap

This doesn't have really much to do with bubblewrap on its own. What this has to do with is GNOME running thumbnail generating software within bubblewrap. However there are issues with this, if a user is already running some gnome software inside of a container or something already using bubblewrap, you can't run multiple levels of it.

The real question that needs to be asked though, who the hell is still using GNOME?