This post was last edited by samiux on 2015-9-18 17:26
@vichui,
I doubt that there is any lock that a locksmith (or maybe a lockpicker) cannot open.
Windows and Linux are very similar operating systems in terms of security. They both have similar protection schemes, such as ASLR, DEP, XD/NX, etc., as well as user profiles.
I am curious: is Chromium more secure than Firefox? Is Linux more secure than Windows? I doubt that too.
For Chromium, the recent vulnerability is GLSA 201507-18. You really believe that Chromium is more secure than Firefox?
For Linux, the CVE database of the Linux kernel is here. You really believe that Linux is more secure than Windows?
"apprmon"? Maybe you are talking about AppArmor. AppArmor is not available or cannot be easily installed on some Linux systems.
Are you talking about using chroot, iptables, AppArmor, etc. to secure your browser? If so, I think I do not know how you can secure your browser with iptables rules.
Okay, I think we need to know the following terms (chroot, AppArmor and SELinux) before going further.
What is chroot?
According to Wiki, a chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name (and therefore normally cannot access) files outside the designated directory tree. The term "chroot" may refer to the chroot(2) system call or the chroot(8) wrapper program. The modified environment is called a "chroot jail".
Chroot has been included in user namespaces since Linux kernel 3.8.
There are some limitations according to the Wiki. They are:
The chroot mechanism is not intended to defend against intentional tampering by privileged (root) users. On most systems, chroot contexts do not stack properly and chrooted programs with sufficient privileges may perform a second chroot to break out. To mitigate the risk of this security weakness, chrooted programs should relinquish root privileges as soon as practical after chrooting, or other mechanisms – such as FreeBSD Jails – should be used instead. Note that some systems, such as FreeBSD, take precautions to prevent the second chroot attack.[7]
On systems that support device nodes on ordinary filesystems, a chrooted root user can still create device nodes and mount the file systems on them; thus, the chroot mechanism is not intended by itself to be used to block low-level access to system devices by privileged users. It is not intended to restrict the use of resources like I/O, bandwidth, disk space or CPU time. Most Unixes are not completely file system-oriented and leave potentially disruptive functionality like networking and process control available through the system call interface to a chrooted program.
At startup, programs expect to find scratch space, configuration files, device nodes and shared libraries at certain preset locations. For a chrooted program to successfully start, the chroot directory must be populated with a minimum set of these files. This can make chroot difficult to use as a general sandboxing mechanism.
Only the root user can perform a chroot. This is intended to prevent users from putting a setuid program inside a specially crafted chroot jail (for example, with a fake /etc/passwd and /etc/shadow file) that would fool it into a privilege escalation.
Some Unixes offer extensions of the chroot mechanism to address at least some of these limitations (see Implementations of operating system-level virtualization technology).
What is AppArmor?
According to Wiki, AppArmor ("Application Armor") is a Linux kernel security module released under the GNU General Public License that allows the system administrator to associate a security profile with each program, which restricts the capabilities of that program. It supplements the traditional Unix discretionary access control (DAC) model by providing mandatory access control (MAC). It was included as of the 2.6.36 version of the mainline Linux kernel. Since 2009, Canonical Ltd. contributes to the ongoing AppArmor development.
In addition to manually specifying profiles, AppArmor includes a learning mode, in which violations of the profile are logged, but not prevented. This log can then be turned into a profile, based on the program's typical behavior.
AppArmor is implemented using the Linux Security Modules (LSM) kernel interface.
AppArmor is offered in part as an alternative to SELinux, which critics consider difficult for administrators to set up and maintain. Unlike SELinux, which is based on applying labels to files, AppArmor works with file paths. Proponents of AppArmor claim that it is less complex and easier for the average user to learn than SELinux. They also claim that AppArmor requires fewer modifications to work with existing systems: for example, SELinux requires a filesystem that supports "security labels", and thus cannot provide access control for files mounted via NFS. AppArmor is filesystem-agnostic.
What is SELinux?
According to Wiki, Security-Enhanced Linux (SELinux) is a Linux kernel security module that provides a mechanism for supporting access control security policies, including United States Department of Defense–style mandatory access controls (MAC).
SELinux is a set of kernel modifications and user-space tools that have been added to various Linux distributions. Its architecture strives to separate enforcement of security decisions from the security policy itself and streamlines the volume of software charged with security policy enforcement. The key concepts underlying SELinux can be traced to several earlier projects by the United States National Security Agency (NSA).
After knowing what chroot, AppArmor and SELinux are, you may know that you need some effort to make them work on your systems. They may not be implemented on your Linux system by default. If they are implemented by default, they may protect only a limited set of services (or, say, programs/processes).
Personally, I prefer AppArmor to chroot and SELinux. This is because it is more user-friendly and easier for troubleshooting. As far as I know, even Ubuntu does not enable (I mean enforce mode) AppArmor for Chromium and Firefox by default.
For general users, it is too hard to implement chroot, AppArmor or SELinux even if they are following tutorials or guides. Basically, AppArmor on Ubuntu is easier to implement when they are following tutorials or guides, if they have a good one.
Fair to say, even some Windows users can run their Windows systems without any anti-virus for over 10 years without getting any infection. Or maybe they do not know that they are already infected, just like you.
In conclusion, Linux users require at least some degree of protection, such as AppArmor and/or anti-malware.
Thank you.
Samiux
Update reason: fix typo
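The learning-mode workflow quoted in the post above (violations are logged but not prevented, and the log is then turned into a profile), as an added example that is not part of the original post and is not AppArmor's own tooling. The audit lines are constructed, and the names `learn` and `render` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed complain-mode audit lines (not captured from a real system).
SAMPLE_LOG = """\
type=AVC msg=audit(1442568000.101:301): apparmor="ALLOWED" operation="open" profile="/usr/bin/firefox" name="/etc/passwd" pid=2101 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
type=AVC msg=audit(1442568000.204:302): apparmor="ALLOWED" operation="open" profile="/usr/bin/firefox" name="/home/user/.mozilla/prefs.js" pid=2101 comm="firefox" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=AVC msg=audit(1442568001.310:303): apparmor="ALLOWED" operation="open" profile="/usr/bin/firefox" name="/home/user/.mozilla/prefs.js" pid=2101 comm="firefox" requested_mask="wc" denied_mask="wc" fsuid=1000 ouid=1000
type=AVC msg=audit(1442568001.900:304): apparmor="ALLOWED" operation="exec" profile="/usr/bin/firefox" name="/usr/bin/lsb_release" pid=2101 comm="firefox" requested_mask="x" denied_mask="x" fsuid=1000 ouid=0
type=AVC msg=audit(1442568002.000:305): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1442568002.500:306): arch=c000003e syscall=2 success=yes
"""

FIELD = re.compile(r'(\w+)="([^"]*)"')
# Log masks "c" (create) and "d" (delete) are covered by "w" in a profile rule.
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "l": "l", "k": "k", "m": "m",
                "c": "w", "d": "w"}
ORDER = "rwalkm"


def learn(log_text, profile):
    """Return ({path: perms}, review) from complain-mode events of one profile."""
    perms, review = defaultdict(set), set()
    for line in log_text.splitlines():
        ev = dict(FIELD.findall(line))
        if ev.get("apparmor") != "ALLOWED" or ev.get("profile") != profile:
            continue  # enforced denials and other profiles are not learned
        path = ev.get("name")
        if not path:
            continue
        for m in ev.get("requested_mask", ""):
            if m in MASK_TO_PERM:
                perms[path].add(MASK_TO_PERM[m])
            else:
                review.add((path, m))  # e.g. "x": transition mode is chosen by hand
    rules = {}
    for path, s in perms.items():
        if "w" in s:
            s.discard("a")  # "w" and "a" cannot appear together in one rule
        rules[path] = "".join(c for c in ORDER if c in s)
    return rules, review


def render(profile, rules):
    """Format the learned path rules as a candidate profile body."""
    body = "".join(f"  {path} {perm},\n" for path, perm in sorted(rules.items()))
    return f"{profile} {{\n{body}}}\n"
```

The learned rules record whatever the program did while being observed, so each path and every entry in `review` should be read before the profile is switched to enforce mode.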