We have moved to a new Sailfish OS Forum. Please start new discussions there.
21

SFOS protection from malware [answered]

asked 2015-11-18 02:19:28 +0200

molan gravatar image

updated 2015-11-18 02:24:24 +0200

First, the important rule: Don't use anything outside the official Jolla repository, unless you can trust a chosen 3rd party source.

There were already questions about possible harmful 3rd-party Android applications and wether they could access/harm Sailfish OS system files. But what about 3rd-party RPM files? For example from Warehouse/Openrepos.net? While the risk is minimal and there is no known malware around, this could change in the future. Out of interest, I have following questions:

What should one do after installing something nasty? How can it be found? How to stop it? Limited user access certainly helps, but I assume there must be additional security tools in Mer Core (something like AppArmor?).

I don't know much about all these things and it would be interesting to learn how Sailfish OS protects itself. Maybe someone can give a good answer :-)

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by molan
close date 2018-05-31 11:36:23.554830

Comments

Where are the questions about Android apps that could add spywares on Sailfish OS? As long as LXC is not used for Android apps, I guess there could be a keylogger or screenshot app running in a background process. Here is the question for LXC support: https://together.jolla.com/question/107023/running-android-in-lxc-container/

baptx ( 2019-10-12 22:23:12 +0200 )edit

1 Answer

Sort by » oldest newest most voted
9

answered 2015-11-18 11:18:06 +0200

r0kk3rz gravatar image

For example from Warehouse/Openrepos.net? While the risk is minimal and there is no known malware around, this could change in the future.

Many would argue that the risk is far from minimal, and it is really up to the people that run Openrepos to ensure they aren't hosting malware.

From a sandboxing perspective the XDG-App that Gnome and Freedesktop are doing sounds reasonably interesting, but I think the whole thing hinges on kdbus which we don't have in our kernel version.

edit flag offensive delete publish link more

Comments

2

kdbus is being rewritten as we speak. No official kernel has it yet. Lennart poettering also wrote http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html which i find interesting.

ApB ( 2015-11-18 12:50:33 +0200 )edit
1

@ApB that post from Lennart is what this XDG-App stuff is based upon. Sure it's not something that Jolla can 'just implement' at the moment, but given the control they have over SFOS they can start to bring in some of the ideas from it i think.

r0kk3rz ( 2015-11-18 13:08:08 +0200 )edit
3

While they might have control on SFOS they don't have control over chipset vendors and the kernel (blobs etc). Most stuff will require a more modern kernel i believe. But SFOS is a damn fine base to start on these stuff. BTRFS is there systemd is there etc.

ApB ( 2015-11-18 14:11:41 +0200 )edit
1

we have cgroups, and namespaces, so I think a potential solution along these lines is there. SFOS doesn't have to do a lot of the BTRFS related stuff (which won't work on the tablet anyway) with swappable runtime dirs and base OS dirs

r0kk3rz ( 2015-11-18 14:39:40 +0200 )edit
2

Imho only possible future Sailfish secure system can answer these questions, and there nothing to do with current one.

coderus ( 2015-11-18 14:45:24 +0200 )edit

Question tools

Follow
8 followers

subscribe to rss feed

Stats

Asked: 2015-11-18 02:19:28 +0200

Seen: 738 times

Last updated: Nov 18 '15

Related questions

What is the best maps/navigation application to use on Jolla? [answered]

VPN client [released]

Word prediction should be always turned off when entering passwords in Android apps [released]

Password manager for Sailfish [answered]

Android VKB saves and suggests passwords in plaintext

[Feature-request] Track & protect my Jolla

Keychain linked to TOH

Cloud backup should be encrypted

Guest account for demonstration [answered]

HowTo: Connecting to Jolla via SSH over USB [answered]

Copyright © Jolla Ltd. 2013-2019. All rights reserved.
about | faq | help | privacy policy | terms of service | give feedback
Powered by Askbot version 0.7.49