Comments (10)
Hey @xorgy thanks for reporting this. Yes we know there are a few limitations to the type of security the software can offer to the user, as described in the README, this is still mostly PoC to see if it's doable and how.
If we consider a malicious process (thus, previously "implanted"), it's pretty much game over from a lot of points of view if you only rely on OpenSnitch for the security of your computer :)
Also, finding a relatively safe to use IPC mechanism between the daemon and the UI is not trivial, again, we're hacking code together to see if we can find a solution somehow :)
We're open to ideas ... ? :)
from opensnitch.
Maybe the solution here is simply to document that X11 is insecure and that Opensnitch can't protect against X11 clients?
from opensnitch.
Sorry if I came off as judgemental. This just came to mind very quickly when I found this (very cool) project, started wondering how one could work around this and I'm realizing that it's really hard.
from opensnitch.
No worries, I totally got your intent ;) Yes, it is hard ... that is why I strongly believe using just one software is not the solution, but using X good softwares together, maybe is.
I'll leave this open, never say never! π
from opensnitch.
Maybe we need some form of XSnitch to allow users to whitelist X clients which should be doing input spoofing (such as accessibility tools, voice controlled mouse movement etc.). Seems like heaps of work in itself, since if the store is accessible to the user whose processes may be untrusted, then it becomes pointless again.
from opensnitch.
@xorgy There is no way to solve this using X11, that protocol was not designed with security in mind at all..
This is one of the pain points Wayland addresses.
On X11 you can pretty much tell any window to do anything you want and everything is trusted by default. This security situation on X11 is absolutely horrible..
Martin GrΓ€Γlin (author of the KDE window manager Kwin) occasionally writes on this subject and it's quite interesting:
https://blog.martin-graesslin.com/blog/2015/01/why-screen-lockers-on-x11-cannot-be-secure/
I wouldn't say this is an issue we can solve from the Opensnitch side of things.. The only way forward is Wayland which is actually designed with security in mind.
I have not personally tested running Opensnitch on Wayland but it should work fine considering we are just using Qt5 without any X11 specifics.
from opensnitch.
For those of us who are still stuck on X11, an out-of-band solution might work, e.g. have the UI on your phone and talk with the server. Or a silly arduino hardware device. Or whatever that gives you a UI bypassing X11.
As @evilsocket said you should try hard not to run a malicious process on your account anyway. Better to use a VM if you're testing something new and suspicious.
Other than that, Linux security is not there yet.
from opensnitch.
@adisbladis I'm aware that it's not possible to solve this properly on X11 as it stands, but an extension could be sufficient. I work on Wayland almost exclusively since I use so few GUI applications, but I don't think it's going to be standard until maybe 2019.
That said, with XWayland, having OpenSnitch on Wayland directly would definitely be sufficient to isolate it from X protocol oversights. GNOME's wayland session works pretty well these days.
from opensnitch.
Personally, I value this project more for privacy than security. I like to know what is trying to make connections and to where. For example, it can help identify and block the spyware that Canonical likes to include in their distribution.
I feel like a lot of other attack models would need to be addressed before the GUI could be considered a primary vulnerability of this project. Right now a malicious process can simply kill the daemon and go about its business. Similar to what @evilsocket said, you shouldn't rely on any one tool to protect you if you're running untrusted (potentially malicious) code.
from opensnitch.
@xorgy I'm going to try and add some explanation into the README.
I understand the technical meaning of the 1st line in your 1st message above. (Although, I don't understand what happens to allow it to happen!):
process initiating the connection has access to the user's X11 session, it can simply whitelist itself either before or after attempting to connect.
I'm trying to think of a use case to explain this behaviour. Would this be valid -
-
A user clicked on a HTTP link in an email
(The web browser hasn't been used before) -
The web browser is opened to render the link
(I guess at this point the web browser can do what you mentioned "simply whitelist itself either before or after attempting to connect")
Outcomes:
- the web browser whitelists itself (without the users knowledge)
- the web browser opens
- the URL is rendered
Any thoughts? If this is incorrect, could you help me to get a better example?
from opensnitch.
Related Issues (20)
- centos7 install error(opensnitch-1.6.5-1.x86_64) HOT 4
- Opensnitch does not start, Fedora 39, 86x_64x. HOT 1
- Log flooded with: ERR [eBPF events #1] error: unexpected EOF HOT 10
- [Feature Request] Add "ADD RULE" button in Allow/Deny connection dialog
- [Feature Request] Add Zoom option to the UI Preferences HOT 1
- [Feature Request] WorldMap realtime connections HOT 1
- keeps dropping Ethernet connection HOT 4
- Cannot Load Deamon - opensnitchd.service does not exist HOT 5
- [Feature Request] systemd commands in release notes HOT 1
- GetInfo() path can't be read HOT 3
- [Feature Request] Support matching by user name (not just user ID) and/or cgroup name
- Fedora Silverblue -- opensnitchd -check-requirements --> ERR /proc/config.gz not found HOT 2
- [Feature Request] default rule naming and columns
- Add a rules 'import' and 'export' option to the APT package. HOT 1
- opensnitch.io does not host project site any more HOT 4
- Upgraded from Ubuntu 20 to 22.04.4, Opensnitch UI not opening HOT 2
- Uninitialized firewall and logger causing SIGSEGV on master branch (c3bbb92) HOT 3
- incompatibility with python 3.12 HOT 1
- opensnitch UI crashes when deleting a rule HOT 3
- Windows OS Daemon HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opensnitch.