Ubuntu and CentOS Are Undoing a GNOME Security Feature


Ubuntu is a complete Linux operating system, freely available with both community and professional support. The Ubuntu community is built on the ideas enshrined in the Ubuntu Manifesto: that software should be available free of charge, that software tools should be usable by people in their local language and despite any disabilities, and that people should have the freedom to customize and alter their software in whatever way they see fit.

Current versions of Ubuntu and CentOS are disabling a security feature that was added to the GNOME desktop environment last year.

The feature is Bubblewrap, a sandbox environment that the GNOME Project added in July 2017 to secure GNOME’s thumbnail parsers, with the release of GNOME.

 

 


 

 

Protect GNOME’s thumbnailing system

 

Thumbnail parsers are scripts that read files inside a directory and create thumbnail images to be used with GNOME, KDE, or other Linux desktop environments.

This operation takes place every time a user navigates to folders, and the OS needs to display thumbnails for the files contained within.

In recent years, security researchers have proven that thumbnail parsers can be an attack vector when hackers trick a user into downloading a booby-trapped file on their desktop, which is then executed by the thumbnail parser.
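To see which file types a desktop hands to thumbnail parsers automatically, the registered thumbnailers can be enumerated. The script below is an added example, not code from the article or from GNOME; it assumes thumbnailer definitions are `.thumbnailer` key files under /usr/share/thumbnailers, and the sample entries are constructed.

```python
import configparser
import shlex
import shutil
from collections import defaultdict
from pathlib import Path

# Usual system-wide location of thumbnailer definitions (assumption).
THUMBNAILER_DIR = Path("/usr/share/thumbnailers")

# Constructed sample entries, used when THUMBNAILER_DIR does not exist.
SAMPLE_ENTRIES = {
    "image.thumbnailer": "[Thumbnailer Entry]\nExec=/usr/bin/gdk-pixbuf-thumbnailer -s %s %u %o\n"
                         "MimeType=image/png;image/jpeg;image/bmp;\n",
    "video.thumbnailer": "[Thumbnailer Entry]\nExec=/usr/bin/totem-video-thumbnailer -s %s %u %o\n"
                         "MimeType=video/mp4;image/bmp;\n",
}

def parse_entry(text):
    """Return (parser_binary, [mime types]) for one .thumbnailer file."""
    # interpolation=None: Exec lines contain literal %s/%u/%o placeholders.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    entry = cp["Thumbnailer Entry"]
    binary = shlex.split(entry["Exec"])[0]
    mimes = [m for m in entry.get("MimeType", "").split(";") if m]
    return binary, mimes

def attack_surface(entries):
    """Map each MIME type to the binaries that parse it without user action."""
    surface = defaultdict(set)
    for text in entries.values():
        try:
            binary, mimes = parse_entry(text)
        except (KeyError, IndexError, ValueError, configparser.Error):
            continue  # malformed or incomplete entry: skip it
        for mime in mimes:
            surface[mime].add(binary)
    return {m: sorted(b) for m, b in sorted(surface.items())}

def load_entries(directory=THUMBNAILER_DIR):
    files = sorted(directory.glob("*.thumbnailer")) if directory.is_dir() else []
    return {f.name: f.read_text(errors="replace") for f in files} or SAMPLE_ENTRIES

if __name__ == "__main__":
    # A bwrap binary on PATH is needed for sandboxing but does not prove the desktop uses it.
    print("bwrap binary:", shutil.which("bwrap") or "not found")
    for mime, binaries in attack_surface(load_entries()).items():
        print(f"{mime:30} {', '.join(binaries)}")
```

Every MIME type in the output is a format that gets parsed as soon as a folder containing such a file is opened, which is the exposure the sandbox is meant to contain.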

 


 

 

Ubuntu, CentOS disable Bubblewrap feature

 

But according to German security researcher and journalist Hanno Boeck, the Ubuntu operating system is disabling Bubblewrap support inside GNOME for all recent OS versions.

Furthermore, Google security researcher Tavis Ormandy discovered that GNOME Bubblewrap sandboxes were also missing in the default version of CentOS 7.x.

But there’s a valid explanation for what Ubuntu is doing, according to Alex Murray, Ubuntu Security Tech Lead at Canonical.

Murray says the Ubuntu team opted to disable GNOME’s Bubblewrap because they did not have the time and resources to audit the feature.

“Bubblewrap is relatively new software doing some complicated things to set up sandboxes,” Murray said. “If we just blindly promote it to [Ubuntu main] and then find out it has a vulnerability itself which we could have caught through code review beforehand that is not a good outcome for our users.”

 

 
