Bubblejail
Linux is open source and privacy friendly, but it is not as secure as many people imagine. The article Linux | Madaidan's Insecurities lists many areas where Linux does a poorer job than macOS, ChromeOS or even Windows.
Sandboxing is the biggest one. Linux does a lot to manage permissions in kernel space, but permission management between user-space applications is almost an afterthought, which is especially obvious on personal desktop distros. Every application runs with the full privileges of the user who started it, so any of them has complete access to every other application's data and can snoop on our personal information.
There are currently three mainstream solutions that aim to mitigate this problem: Flatpak, Firejail and Bubblejail. From my perspective Bubblejail wins (it is also recommended by Privacy Guides):
- Flatpak: a sandboxed package manager that implements its sandbox through Bubblewrap and works across distros. The following problems make it a poor choice as a sandbox:
  - Sandbox is optional: Flatpak trusts applications and lets them declare their own sandbox policy, so many applications ship a policy far too broad to be meaningful. At the time of writing, about 100 projects distributed as Flatpaks still come with permissions such as full access to /home.
  - Old dependencies: Flatpak aims to provide a standard package format across different distros. To avoid dependency conflicts, an application pins a specific runtime version and bundles any further libraries it needs inside the sandbox. This costs extra disk space for duplicate versions of the same dependency and, more importantly, lets maintainers be lazy about dependencies: an application can keep building on an old, possibly vulnerable base instead of the latest one.
  - Closed ecosystem: it can only sandbox applications installed through Flatpak.
- Firejail: the mainstream choice for application sandboxing in the Linux desktop community. It provides lots of presets and a "firecfg" command meant to give an out-of-the-box experience, but its sandbox design is debatable:
  - Setuid: Firejail is a setuid-root binary, which means the user must hand Firejail root privileges. That lets it protect applications inside the sandbox, but it makes the whole system more vulnerable to applications outside the sandbox: any bug in Firejail's privileged code is a direct path for a local attacker to gain root.
  - Config complexity and attack surface: for a sandbox tool, Firejail carries far too many unnecessary features and options, each of which is potential attack surface in a setuid binary.
  - Completeness: even though Firejail ships thousands of presets for different applications (Firejail supporters often mention this), many of them do not actually work. (For example, I spent weeks trying to get signal-desktop to show its system tray icon under Firejail and finally gave up.) Firejail's profiles also restrict applications with blacklists and whitelists over the real home directory rather than giving each application a genuinely separate home by default. This design is both risky and annoying: if you want to fine-tune folder permissions, you have to add and remove paths one by one, or give up and grant unnecessarily broad permissions.
- Bubblejail: my current sandboxing solution on the Linux desktop, for these reasons:
  - Namespaces: Bubblejail relies on Bubblewrap (as Flatpak does) to implement its sandbox. Bubblewrap is designed to run without setuid wherever the kernel allows unprivileged user namespaces; it can be installed setuid on kernels that do not, but even then it is a small, deliberately minimal binary with far less attack surface than a feature-rich setuid tool like Firejail.
  - Human-friendly config: although Bubblejail has fewer presets than Firejail, it packages complicated interfaces such as X11, Wayland, PulseAudio and D-Bus as named services that you simply enable per instance. Editing the config file does not feel terrible (unlike Firejail), and there is even a cute GUI.
  - Separate storage: Bubblejail whitelists by default. Every instance gets its own home directory under the instance folder, and that is what the application sees as its home; the real home stays invisible unless you explicitly share specific paths into the sandbox. That frees the user from enumerating every path the application needs, and it is more secure as well.
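As an added example (not from the original post and not the Bubblejail project's own file), here is what a per-instance config along those lines looks like for a browser instance. The instance name "firefox", the file path, and the section and field names are from my recollection of Bubblejail's service list and the profiles it ships; confirm them on your installed version (bubblejail list services) before relying on them.

```toml
# Added example: Bubblejail instance config for a browser.
# Assumed location: ~/.local/share/bubblejail/instances/firefox/config.toml
# The instance's private home lives next to it in ./home and is what the
# sandboxed program sees as $HOME. Section and field names are assumptions
# based on Bubblejail's service names; check `bubblejail list services`.

[common]
# Program launched by `bubblejail run firefox`
executable_name = "firefox"
share_local_time = true

# Display: prefer Wayland. X11 has no isolation between clients, so an X11
# app can read other X11 windows' input; only enable [x11] instead of this
# if the application cannot run natively on Wayland.
[wayland]

# Network access. Leave this section out entirely for an application that
# does not need the network; with Bubblejail's whitelist model, an absent
# service means the capability is simply not there.
[network]

# Audio output
[pulse_audio]

# GPU access for hardware-accelerated rendering
[direct_rendering]

# Desktop notifications over D-Bus
[notify]

# Weak setting to avoid: sharing your whole home directory here recreates
# the Flatpak problem of full /home access and defeats the separate home.
# Corrected setting: bind only the narrowest directories the app really
# needs, relative to the real $HOME. Everything else in the real home stays
# invisible to the sandbox.
[home_share]
home_paths = ["Downloads"]
```

If I remember the CLI correctly, "bubblejail create --profile firefox firefox" builds this instance from the shipped profile, "bubblejail edit firefox" opens the file above, and "bubblejail run firefox" starts the program. To check that the separation actually holds, "bubblejail run --debug-shell firefox" (again, as I recall the flag) should drop you into a shell inside the sandbox where "ls ~" shows only the instance home, with Downloads as the single directory bridged from your real home.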
Given that desktop Linux has made little progress on isolating applications from each other in user space, compared with macOS, Android and ChromeOS, Bubblejail is an important component of my personal Linux desktop threat model.
Rating: 6/7 (on a 7-point scale)
Official Website: https://github.com/igo95862/bubblejail
And here is an excellent guide to maximizing Bubblejail's security: https://discuss.privacyguides.net/t/sandboxing-apps-with-bubblejail-in-arch-distros/23004

This article is licensed under the CC BY-NC-SA 4.0 license. Embedded code snippets are released under the GPLv3 license.
If you share or adapt this material, please provide a link back to this original page. See the Full License Policy for more details.