Trashing security, it’s as elegant as trolls in tutu skirts

by davidnielsen

Having just watched the latest Mythbusters episode where they use one plane to slice up another plane – I started thinking (and it hurt, I tell you).

How should trashing really work? Currently GNOME implements trash for files in Nautilus, trash for email in Evolution, and I’m sure there are other “clean up” facilities in other applications.

My question: would the logical way for this to work be a global trash can into which everything goes (email, files, tmp files that can be safely deleted, etc.)?

On top of that, why are we not by default shredding data properly for greater security?
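To make the “global trash plus proper shredding” idea concrete, here is an added example (written for this page, not code from the original post, GNOME or Fedora): a small Python routine that empties a trash directory by overwriting each regular file in place before unlinking it. The trash layout (`Trash/files`), the pass count and a POSIX filesystem are assumptions; the comments carry the caveat a practitioner would want, namely that an overwrite from userspace cannot reach copies kept by journaling, copy-on-write filesystems, snapshots or SSD wear-levelling, which is why encrypting the partition is the more robust default.

```python
import os
import secrets
import tempfile
from pathlib import Path

CHUNK = 64 * 1024  # overwrite in 64 KiB chunks so large files need not fit in memory


def shred_file(path: Path, passes: int = 1) -> int:
    """Overwrite a regular file in place, then truncate, rename and unlink it.

    Returns the number of bytes overwritten per pass. Symlinks and non-regular
    files are refused so a link planted in the trash cannot clobber its target.

    Caveat (assumption about the underlying storage): this only helps where the
    filesystem rewrites blocks in place. Journaling modes that log data,
    copy-on-write filesystems (btrfs, ZFS), snapshots and SSD wear-levelling can
    all retain old copies that this routine never touches.
    """
    if path.is_symlink() or not path.is_file():
        raise ValueError(f"refusing to shred non-regular file: {path}")
    size = path.stat().st_size
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(secrets.token_bytes(n))  # random data, not a fixed pattern
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # push the overwrite to the device, not just the page cache
        fh.truncate(0)  # hide the original length as well
        fh.flush()
        os.fsync(fh.fileno())
    # Rename to a non-descriptive name before unlinking so the directory entry
    # no longer leaks the original filename, then remove it.
    anon = path.with_name(secrets.token_hex(8))
    path.rename(anon)
    anon.unlink()
    return size


def empty_trash(trash_dir: Path, passes: int = 1) -> dict:
    """Shred every regular file under trash_dir; return {relative_path: bytes}.

    Symlinks are removed as links (their targets are left untouched) and
    emptied subdirectories are removed bottom-up.
    """
    result = {}
    for p in sorted(trash_dir.rglob("*")):
        if p.is_symlink():
            p.unlink()  # drop the link itself, never follow it
        elif p.is_file():
            result[str(p.relative_to(trash_dir))] = shred_file(p, passes)
    for d in sorted((d for d in trash_dir.rglob("*") if d.is_dir()), reverse=True):
        d.rmdir()
    return result


def demo() -> dict:
    """Build a constructed trash directory in a temp dir, empty it, report what happened."""
    with tempfile.TemporaryDirectory() as tmp:
        trash = Path(tmp) / "Trash" / "files"
        (trash / "mail").mkdir(parents=True)
        # Constructed sample content standing in for a deleted document and a deleted mail.
        (trash / "secret.txt").write_bytes(b"constructed secret document\n" * 100)
        (trash / "mail" / "draft.eml").write_bytes(b"Subject: constructed draft\n\nhello\n")
        # A file outside the trash that a planted symlink points at; it must survive.
        outside = Path(tmp) / "outside.txt"
        outside.write_bytes(b"must not be shredded\n")
        (trash / "link").symlink_to(outside)
        before = sorted(str(p.relative_to(trash)) for p in trash.rglob("*") if p.is_file())
        shredded = empty_trash(trash)
        left = list(trash.rglob("*"))
        return {
            "before": before,
            "shredded": shredded,
            "left_behind": len(left),
            "target_intact": outside.read_bytes() == b"must not be shredded\n",
        }


if __name__ == "__main__":
    print(demo())
```

Note that `before` lists the symlink too, because `is_file()` follows links; that is exactly why `empty_trash` tests `is_symlink()` first rather than trusting `is_file()`.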

My desktop is relatively state of the art when it comes to security on Linux; Fedora ships a lot of nice security features by default. But I’m sure we can do so much better – why, e.g., is it still not the default to sign and encrypt email, or partitions for that matter? Why is my swap partition not encrypted? Security should be something you opt out of, not opt in to.

And yes, I do believe putting a Windows machine on the net should be punishable by public beatings, but that might just be me; these people are putting all of us at risk. E.g. I can’t drive around town in an unsafe car (well, technically speaking I can’t drive, period, as I have no license.. but bear with me), so why should I be allowed to wreck everyone’s internet using an unsafe OS?

The stats speak for themselves: Red Hat had an average of 1 day of exposure to critical flaws; in the same period Microsoft averaged 46 days. This is not even considering the fact that all of RHEL is supported, whereas the Windows stats covered only the core Windows system as shipped out of the box. We are talking an order of magnitude more code, and the free software community (here represented by Red Hat, as they collect good hard data on this kind of thing, thank you Mark Cox) were still doing better. This, people, is the definition of scary.

I’ve often said that on Linux we don’t provide enough security, that we are but marginally better than the competition. Looking at the stats, the way security on Linux is progressing and the speed at which it’s being deployed, I’d say the margins are looking nice and big already, but we can do much better – the fact that the competition is crap does not make us brilliant by default, sadly.

Oh, and Ubuntu users will probably have to wait till at least Dapper+1 for any kind of proactive security; I requested it repeatedly as a goal since the beginning of the Hoary cycle and they keep saying “It’s on the schedule next release cycle”. This means that when it comes to security, they are playing catch-up to Fedora by years – SELinux was first introduced in FC2 (it was on by default in FC3), FC4 gave us FORTIFY_SOURCE=2 by default. Exec-shield has been default since the beginning and yet Fedora manages to be a functional desktop system. FC5 brings ProPolice stack protection across the board in addition to even better SELinux policies and more hardening. We are speaking of years of head start here; luckily, being an open collaborative environment, other distros are free to learn from Fedora.

Inventing and implementing security is all well and good, but that’s mainly theory; deploying a distro like Fedora, which has to work as a desktop, and having it still work is a whole other job. It is not just a switch you set when installing, it’s a finely tuned mesh: too loose and it’s worthless, too tight and the users complain that nothing works – see FC2’s default-deny policy for SELinux, a truly impressive security feature.. so tight my machine refused to boot with it enabled.. I guess there’s a reason it was off by default, but I just had to try.