This commit is contained in:
Ganwtrs 2025-12-12 05:47:28 +00:00 committed by GitHub
commit f70e13d580
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

@ -41,7 +41,11 @@ If you want to use one of these distributions for reasons other than ideology, y
## Desktop Environments
Consider using GNOME as your desktop environment. It supports [Wayland](https://en.wikipedia.org/wiki/Wayland_(display_server_protocol)), a display protocol developed with security [in mind](https://lwn.net/Articles/589147), and implements permission control for privileged Wayland protocols like `screencopy`. There are other desktop environments and window managers with Wayland support, but we are not aware of any permission control implemented by them. One caveat with GNOME is that it is written in unsafe languages, but we think the trade off for permission control is well worth it.
This section is a relative recommendation between desktop environments. This should not be misconstrued as saying that any one solves any of the fundamental issues with desktop Linux security.
[Consider using GNOME (or Sway)](https://secureblue.dev/images#security-recommendation) as your desktop environment. GNOME provides weak [thumbnailer sandboxing](https://gitlab.gnome.org/GNOME/gnome-desktop/-/issues/213) in Gnome Files, and Thunar/Tumblerd on secureblue Sway images provide weak [thumbnailer sandboxing](https://gitlab.gnome.org/GNOME/glycin/-/blob/main/glycin/src/sandbox.rs#L32) via Glycin. These are both efforts to mitigate [attacks via thumbnailers](https://scarybeastsecurity.blogspot.com/2016/11/0day-exploit-compromising-linux-desktop.html). COSMIC [is planning](https://github.com/pop-os/cosmic-files/issues/1189#event-20127287968) to add thumbnailer sandboxing for the release of Epoch 2. It's not known whether KDE plans to add this to Dolphin.
GNOME, KDE Plasma, Sway, and COSMIC secure privileged Wayland protocols like screencopy. This means that on environments outside of GNOME, KDE Plasma, Sway, and COSMIC, applications can access screen content of the entire desktop. This implicitly includes the content of other applications.
Wayland's predecessor, [X11](https://en.wikipedia.org/wiki/X_Window_System), does not support GUI isolation, allowing all windows to [record screen, log and inject inputs in other windows](https://blog.invisiblethings.org/2011/04/23/linux-security-circus-on-gui-isolation.html), making any attempt at sandboxing futile. While there are options to run nested X11 sessions such as [Xpra](https://en.wikipedia.org/wiki/Xpra) or [Xephyr](https://en.wikipedia.org/wiki/Xephyr), they often come with negative performance consequences, are not convenient to set up, and are not preferable to Wayland. You should avoid desktop environments and window managers which only support X11.
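Review bot: in the new GNOME/Sway paragraph, the Thunar/Tumblerd sentence cites glycin's own `sandbox.rs` as support for "Thunar/Tumblerd on secureblue Sway images provide weak thumbnailer sandboxing via Glycin"; that link shows Glycin has a sandbox, not that Tumblerd on those images is routed through it, so link the secureblue image configuration that wires Tumbler to Glycin (or drop "on secureblue Sway images") and spell "Gnome Files" consistently with "GNOME" as used elsewhere in the hunk. In the following paragraph, "on environments outside of GNOME, KDE Plasma, Sway, and COSMIC, applications can access screen content of the entire desktop" turns the removed line's "we are not aware of any permission control implemented by them" into a categorical claim about every other compositor; phrase it as "other environments we are aware of" unless each has been checked. The rewrite also drops the removed line's links to the Wayland article and the LWN piece on Wayland's security design, and the unchanged "Wayland's predecessor, [X11]" now follows a paragraph that mentions Wayland only in passing; consider keeping the Wayland link on "privileged Wayland protocols like screencopy".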