Slashdot Mirror


Ubuntu and CentOS Are Undoing a GNOME Security Feature (bleepingcomputer.com)

An anonymous reader writes: Current versions of Ubuntu and CentOS are disabling a security feature that was added to the GNOME desktop environment last year. The feature's name is Bubblewrap, which is a sandbox environment that the GNOME Project added to secure GNOME's thumbnail parsers in July 2017, with the release of GNOME 3.26. In recent years, security researchers have proven that thumbnail parsers can be an attack vector [1, 2, 3].

Ubuntu Security Tech Lead Alex Murray said the Ubuntu team chose to disable Bubblewrap inside Ubuntu because they did not have the time to perform a security audit. Murray blamed the many CPU bugs (Spectre, Meltdown, etc.), which kept the team busy and prevented them from auditing the feature.

12 of 66 comments

  1. Good by Aighearach · Score: 4, Insightful

    The last thing we need is additional layers of minimally-tested software promising to protect people.

    1. Re:Good by Aighearach · Score: 2

      Because the sandbox can screw up and eat your cat at any time.

      The vulnerability it protects against happens when you're rebuilding an installer package locally. Building the installer can cause it to run naughty javascript that might be hidden in the code related to icons. Most users would never ever run this. Very few users are rebuilding packages that they're not involved in maintaining.

      But if the new sandbox has security bugs, they could hit regular users who never even tried to rebuild a package.

  2. Doesn't seem very controversial by Xylantiel · Score: 4, Insightful

    So a new security feature isn't getting wider distribution (yet) because there weren't enough resources to get it ready. This just doesn't seem very controversial.

    1. Re:Doesn't seem very controversial by Aighearach · Score: 4, Interesting

      We won't know if it is really a security feature unless somebody audits the code.

      Code that is not a security feature, but thinks it is, is even more dangerous than an unpatched bug.

      It doesn't seem controversial because you didn't understand it yet. Keep trying. When you understand the controversy, that's when you'll have started understanding the controversy.

    2. Re:Doesn't seem very controversial by Anonymous Coward · Score: 3, Insightful

      When you understand the controversy, that's when you'll have started understanding the controversy.

      The first rule of tautology club is the first rule of tautology club.

  3. The feature isn't called bubblewrap by Anonymous Coward · Score: 2, Informative

    This doesn't really have much to do with bubblewrap on its own. What this has to do with is GNOME running thumbnail-generating software within bubblewrap. However, there are issues with this: if a user is already running some GNOME software inside of a container or something already using bubblewrap, you can't run multiple levels of it.

    The real question that needs to be asked though, who the hell is still using GNOME?

    1. Re:The feature isn't called bubblewrap by KiloByte · Score: 2

      Which is outright sabotage: with Windows getting weak, we could pull in a good part of Windows users had we defaulted to a usable desktop. No experienced user uses GNOME -- including even GNOME devs (they develop it from OS X) -- so the non-technical user suffers from software that's not even dogfooded.

      --
      The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
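
Comment 3 above makes the point that the feature is GNOME running its thumbnailers inside bubblewrap, not bubblewrap itself. The following is an added illustration of what that confinement looks like; it is not gnome-desktop's own wrapper (whose exact bwrap argument list differs and is not reproduced here). A POSIX shell function runs a thumbnailer under bwrap with a read-only /usr, only the input file and one output directory visible, no network and no other namespaces shared, and a sandbox that dies with its parent. The in-sandbox paths /tmp/input and /tmp/out, the /etc/ld.so.cache bind, and the DRY_RUN switch are assumptions of this example.

```shell
#!/bin/sh
# Added example: confining a thumbnailer with bubblewrap (bwrap).
# Not GNOME's script; the flag set is an illustrative policy, not theirs.

# Usage: sandboxed_thumbnail THUMBNAILER INPUT_FILE OUTPUT_FILE
# Runs THUMBNAILER inside bwrap so it sees only a read-only /usr, the input
# file (read-only) and the output directory. With DRY_RUN=1 the assembled
# command is printed instead of executed (assumed switch, for inspection).
sandboxed_thumbnail() {
    thumbnailer=$1
    input=$2
    output=$3
    outdir=$(dirname "$output")
    outname=$(basename "$output")

    # Assemble the command as positional parameters so it can be run or
    # printed without re-quoting.
    set -- bwrap \
        --ro-bind /usr /usr \
        --symlink usr/lib /lib \
        --symlink usr/lib64 /lib64 \
        --symlink usr/bin /bin \
        --ro-bind /etc/ld.so.cache /etc/ld.so.cache \
        --proc /proc \
        --dev /dev \
        --tmpfs /tmp \
        --ro-bind "$input" /tmp/input \
        --bind "$outdir" /tmp/out \
        --unshare-all \
        --die-with-parent \
        --new-session \
        --chdir / \
        "$thumbnailer" /tmp/input "/tmp/out/$outname"

    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s ' "$@"
        printf '\n'
        return 0
    fi

    # Fail closed: never fall back to running the parser unconfined.
    if ! command -v bwrap >/dev/null 2>&1; then
        echo "bwrap not installed; refusing to run thumbnailer unsandboxed" >&2
        return 2
    fi

    # bwrap exits non-zero if it cannot set up its namespaces (for example
    # when started inside another sandbox that forbids nesting) or if the
    # thumbnailer itself fails; the caller sees that as "no thumbnail".
    "$@"
}
```

Two design points worth keeping if you wire something like this into a desktop: only the output directory is writable, and the input is bound read-only, so a malicious file can at worst corrupt its own thumbnail; and when bwrap cannot start (no binary, or the nested-sandbox case comment 3 describes) the function returns an error instead of silently running the parser outside the sandbox.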

  4. Re:Blame the hardware! by Aighearach · Score: 2

    You seem a little confused about the impact here. They're removing it because having it there makes things less secure, while promising security. That is dangerous.

    You seem a bit confused about the dangers.

  5. Re:Why sandbox it? by Aighearach · Score: 2

    It seems obvious, but if there aren't enough available hours to audit the sandbox, there are even fewer available to individually audit all the code that would run inside the sandbox.

    And most of that code has been in the wild for a long time and is pretty stable. (Stable means unchanging, in software.) So it is less likely to be dangerous than newer code that hasn't been in the wild for long and isn't yet stable.

  6. I got excited because I thought this was about by Anonymous Coward · Score: 5, Funny

    removing systemd.

  7. Re:Blame the hardware! by thegarbz · Score: 2

    Let's blame CPU hardware bugs, which we cannot do anything about, for our inability to secure our own software.

    You do realise it's about securing other people's software, right?

  8. Re:Who runs Gnome anyway? by renegadesx · Score: 2

    I have always found KDE very flexible.

    --
    Make SELinux enforcing again!