
Which are some of the ways that Android deviates from GNU/Linux.

SELinux, seccomp, eBPF, FORTIFY_SOURCE, HSAN, ... all enabled.




Indeed. Unfortunately it seems nobody in the traditional Linux ecosystem outside Red Hat (and perhaps Canonical's Snap) is really interested in meaningfully improving UI application sandboxing.

Flatpak is often met with outright hostility and then some ranting about how OpenBSD's pledge already solves all problems. Sure, Flatpak is not perfect yet and too many Flatpaks still have to use filesystem=home (which is usually caused by the application or toolkit not being friendly to sandboxing). But the Flatpak folks at least try to gradually improve security.

Disclaimer: I mostly run Linux on the desktop. But application security is definitely a blind spot for the Linux community. Many people still seem to think that UID 0 is the ultimate goal. We are mostly protected by the fact that Linux has ~1% of the desktop and is therefore not an interesting target yet.


I am fully with you, although I lost hope in desktop GNU/Linux, so I just end up using it on a surviving travel netbook.

However I do use Ubuntu with AppArmor, Snap and whatever else that Canonical is trying to do to improve the situation.



