Genode Tails?

Nobody III hungryninja101 at ...9...
Mon Jun 15 18:15:26 CEST 2015


I would love to see a web browser that uses Genode's security features and
is much more feasible to audit than Chrome, Firefox, etc.

On Mon, Jun 15, 2015 at 12:42 PM, Jookia <166291 at ...9...> wrote:

> On Mon, Jun 15, 2015 at 11:00:54AM +0200, Norman Feske wrote:
> > Hi again,
> >
> > everything you write resonates very well with me. I hope that Genode
> > will eventually become a viable technological foundation for Qubes-like
> > solutions. There is still a long way to go. But with the Turmvilla
> > scenario, we are taking the first baby steps in this direction.
>
> I'm so glad! One thing holding me back from going the Turmvilla route is
> actually the window manager not being tiled. Maybe that's just an excuse.
>
> > This is spot-on!
> >
> > Actually, even when using a full VM on top of Genode, the TCB for
> > keeping VMs isolated is much smaller compared to the current state of
> > the art. E.g., NOVA is an order of magnitude less complex than Xen.
> > Granted, there are resource multiplexers that are shared by different
> > domains (like the nitpicker GUI server or the NIC bridge). But in
> > contrast to a Linux-based dom0, those components are small enough for a
> > thorough evaluation.
>
> That's quite interesting. I have a feeling somewhere down the line someone
> will get Qubes running on Genode, whether as just the hypervisor or as the
> GUI too.
>
> > there is also the noux runtime as a middle-ground, which allows us to
> > use command-line-based GNU software (like Vim, GCC, make) directly on
> > Genode.
>
> I've heard about that, which gives me a lot of hope about some kind of
> transition of my standard applications, which are mostly terminal-based at
> this point. Unfortunately, being the GTK+ fan I am, there'll be some pain
> there.
>
> > In your other email, you asked about the security of the Arora web
> > browser.
>
> I didn't actually ask this, but I'm still interested in the discussion so I
> suppose I'll weigh in.
>
> > To be honest, I would not trust the code of Arora + Webkit +
> > Qt5 to be secure. It is too complex for a realistic assessment. But
> > while not trusting the code, we still know that the web browser cannot
> > store any information to disk. It cannot even see any files of the user.
> > It can merely observe the user input referring to the browser window. It
> > cannot install any spyware. It cannot ptrace other processes. It does
> > not even know which other components exist on the system. Hence, even
> > though we cannot make any assumption about the security of the web
> > browser itself, we know that it can do less harm when executed as a
> > sandboxed Genode component. The same idea applies to other applications like a
> > media viewer (where a bug in a codec would normally pose a security
> > risk) or a PDF reader.
>
> I'd argue browsers are fundamentally broken. I love the web, but we have
> to keep in mind that browsers aren't here to empower us. They're basically
> sandboxed operating systems whose sole purpose is to run nonfree code
> downloaded from the Internet and execute it somewhat safely. You can't
> modify this code and fix it or improve it as it's nonfree. You also can't
> run your own code or verify it to have nice things like actual end-to-end
> encryption working securely.
>
> Isolating browsers is a useful tool but we still end up with the problem
> of them being black boxes where the user doesn't control the data inside
> them. This is quite a bleak situation, I think it boils down to being
> cautious of monolithic architectures.
>
> Not all is lost though! I would love to see some hacking on a composable
> browser like uzbl or surf to leverage Genode's security features. Perhaps
> then the only black box we'd have would be WebKitGTK. Personally I wouldn't
> mind a slightly worse engine to WebKit if it meant I could compile a
> browser in less than twelve hours on ARM, but I'm quite tolerant of
> feature loss.
>
> > Cheers
> > Norman
>
> Thanks,
> Jookia.