Linux (In)security

Linux being secure is a common misconception in the security and privacy realm. Linux is thought to be secure primarily because of its source model, popular usage in servers, small userbase and confusion about its security features. This article is intended to debunk these misunderstandings by demonstrating the lack of various, important security mechanisms found in other desktop operating systems and identifying critical security problems within Linux's security model, across both user space and the kernel. Overall, other operating systems have a much stronger focus on security and have made many innovations in defensive security technologies, whereas Linux has fallen far behind.

Section 1 explains the lack of a proper application security model and demonstrates why some software that is commonly touted as solutions to this problem are insufficient. Section 2 examines and compares a number of important exploit mitigations. Section 3 presents a plethora of architectural security issues within the Linux kernel itself. Section 4 shows the ease at which an adversary can acquire root privileges and section 5 contains examples thereof. Section 6 details issues specific to "stable" release models, wherein software updates are frozen. Section 7 discusses the infeasibility of the average user correcting the aforementioned issues. Finally, section 8 provides links to what other security researchers have said about this topic.

Due to inevitable pedanticism, "Linux" in this article refers to a standard desktop Linux or GNU/Linux distribution.

Contents

1. Sandboxing 1.1 Flatpak 1.2 Firejail

2. Exploit Mitigations 2.1 Arbitrary Code Guard and Code Integrity Guard 2.2 Control Flow Integrity 2.3 Automatic Variable Initialization 2.4 Virtualization-based Security

3. Kernel

4. The Nonexistent Boundary of Root

5. Examples

6. Distribution-specific Issues 6.1 Stable Release Models

7. Manual Hardening

8. Other Security Researcher Views on Linux