Date: Mon, 19 Jul 2021 05:23:09 -0500 (CDT)
From: Ariadne Conill
To: ml-devel@keemail.me
cc: ~alpine/users <~alpine/users@lists.alpinelinux.org>
Subject: Re: Firejail
In-Reply-To:
Message-ID: <5eec4fc-291d-1aae-dac-4776cba0945b@dereferenced.org>
References: <87c4c1c0-f20-3f9-2a6-a85c9a4b2133@dereferenced.org>

Hi,

On Mon, 19 Jul 2021, ml-devel@keemail.me wrote:

> Jul 19, 2021, 07:26 by ariadne@dereferenced.org:
>
> > `firejail` has a rather problematic design, so we dropped the package as we were not confident in its dependability as a security tool.
>
> The main reason I use Firejail is because it has a simple front-end. For instance, if I don't want an application to see the contents of my local filesystem, I could simply use the `--private` flag. I could use `--net=none` to prevent the application from accessing the network. Firejail also has extensive documentation, which makes it easy to figure things out.
>
> I understand that one shouldn't rely solely on Firejail for security/privacy, although I think it's a great tool to have in the arsenal. I would like to request the re-addition of Firejail into the official repositories.

Unfortunately, the SUID nature of firejail is sufficiently problematic that it won't return until there is a way to run firejail without being SUID.

> > I'm not familiar with the modifications made to Firefox with tor-browser, but you should be able to just use Firefox with Tor directly, I think.
>
> Yes, I could do this. Although Tor provides additional anti-fingerprinting measures, which Firefox doesn't provide by default.
>
> Also, I noticed that `apparmor` is still in the testing repository. How unsafe is it to run your systems, especially production-facing ones, without `apparmor`? Is there an alternative that's currently provided?

It is perfectly safe to run your systems without AppArmor or SELinux. These systems just provide mechanisms for building and loading policy statements into the kernel. The normal UNIX security primitives, while not as advanced, are sufficient for the majority of production Alpine systems.

With that said, there is some interest amongst some developers to make AppArmor a first-class citizen in Alpine 3.15, but it's still early days of that effort, so we'll see how it plays out. I think it would be nice to have, but I sleep well at night without it.

> > "All userland binaries are compiled as Position Independent Executables (PIE) with stack smashing protection. These proactive security features prevent exploitation of entire classes of zero-day and other vulnerabilities."
>
> I am not sure what the above lines mean. Does PIE, in a way, function as a kind of alternative to apparmor?

AppArmor is a policy framework, PIE is a way of compiling programs to make them have a more randomized address space layout. They are unrelated to each other.

Ariadne
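The distinction drawn above (PIE is a property of how a binary was compiled and linked, not a policy) can be checked directly on a binary. The following is an added example, not code from the thread or from Alpine: a small ELF header parser that classifies a file as a fixed-address executable (ET_EXEC), a PIE executable (ET_DYN carrying a PT_INTERP program header) or a plain shared object (ET_DYN without one), plus a crude string-search heuristic for the stack-protector runtime symbol. The sample ELF images are constructed in `build_sample` and contain only headers; the classification logic is the same one tools such as readelf or checksec rely on, and the `__stack_chk_fail` search is an assumption-laden heuristic, not a definitive check.

```python
"""Classify an ELF image as PIE / non-PIE executable / shared object.

Added example (not from the mailing-list thread). Parses only the ELF file
header and the program header table, so it works on any ELF without external
tools. Sample images are constructed by hand in build_sample().
"""
import struct
import sys

ELF_MAGIC = b"\x7fELF"
ELFCLASS32, ELFCLASS64 = 1, 2
ELFDATA2LSB, ELFDATA2MSB = 1, 2
ET_EXEC, ET_DYN = 2, 3          # e_type values
PT_INTERP = 3                   # program header type naming the dynamic loader


def parse_header(data):
    """Return (e_type, e_phoff, e_phentsize, e_phnum, endianness prefix)."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == ELFDATA2LSB else ">"
    # Field order after e_ident: e_type e_machine e_version e_entry e_phoff
    # e_shoff e_flags e_ehsize e_phentsize e_phnum (widths differ per class).
    if ei_class == ELFCLASS64:
        fmt = "HHIQQQIHHH"
    elif ei_class == ELFCLASS32:
        fmt = "HHIIIIIHHH"
    else:
        raise ValueError("unknown ELF class")
    e_type, _, _, _, e_phoff, _, _, _, e_phentsize, e_phnum = struct.unpack_from(end + fmt, data, 16)
    return e_type, e_phoff, e_phentsize, e_phnum, end


def program_header_types(data):
    """List p_type of every program header (p_type is the first u32 in both classes)."""
    _, e_phoff, e_phentsize, e_phnum, end = parse_header(data)
    return [struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0]
            for i in range(e_phnum)]


def classify(data):
    """'non-PIE executable', 'PIE executable', 'shared object' or 'other'.

    Caveat: a static-PIE binary is ET_DYN without PT_INTERP and would be
    reported as a shared object by this simple rule.
    """
    e_type = parse_header(data)[0]
    if e_type == ET_EXEC:
        return "non-PIE executable"
    if e_type == ET_DYN:
        return "PIE executable" if PT_INTERP in program_header_types(data) else "shared object"
    return "other"


def has_stack_protector_symbol(data):
    """Heuristic: a binary built with -fstack-protector normally references
    __stack_chk_fail. Absence can also mean no function needed a canary."""
    return b"__stack_chk_fail" in data


def build_sample(e_type, ph_types, elfclass=ELFCLASS64, little=True):
    """Construct a minimal (header-only) ELF image for testing; not a real binary."""
    end = "<" if little else ">"
    if elfclass == ELFCLASS64:
        ehsize, phentsize, hfmt, pfmt = 64, 56, "HHIQQQIHHHHHH", "IIQQQQQQ"
    else:
        ehsize, phentsize, hfmt, pfmt = 52, 32, "HHIIIIIHHHHHH", "IIIIIIII"
    ident = ELF_MAGIC + bytes([elfclass, ELFDATA2LSB if little else ELFDATA2MSB, 1]) + bytes(9)
    # e_type e_machine e_version e_entry e_phoff(=ehsize) e_shoff e_flags
    # e_ehsize e_phentsize e_phnum e_shentsize e_shnum e_shstrndx
    header = ident + struct.pack(end + hfmt, e_type, 0, 1, 0, ehsize, 0, 0,
                                 ehsize, phentsize, len(ph_types), 0, 0, 0)
    phdrs = b"".join(struct.pack(end + pfmt, t, 0, 0, 0, 0, 0, 0, 0) for t in ph_types)
    return header + phdrs


if __name__ == "__main__":
    # Usage: python elf_pie_check.py /path/to/binary
    with open(sys.argv[1], "rb") as f:
        blob = f.read()
    print(classify(blob), "| stack protector symbol:", has_stack_protector_symbol(blob))
```

Run it against a few binaries on an Alpine box and the userland binaries come back as "PIE executable" while a library such as libc comes back as "shared object"; neither result says anything about what the program may access at runtime, which is exactly the job AppArmor policy does instead.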