| ▲ | nananana9 9 hours ago |
| "Fine" Why does every Linux distro under the sun try so hard to protect the garbage under /usr/bin/ and /etc/ when literally the only files that matter to me are in /home, which is a free-for-all? |
|
| ▲ | thewebguyd 3 hours ago | parent | next [-] |
| Because Linux (and other nixes) have their root in multiuser/time-share systems/servers. Protecting the system* from the users was important, and protecting users from other users equally as important. Protecting the user's $HOME from themselves/user-level programs wasn't as much of a concern, the user was assumed to be responsible enough to manage it themselves. |
|
| ▲ | razighter777 7 hours ago | parent | prev | next [-] |
| Linux /home is far from a free for all. flatpak, landlock, selinux, podman, firejail, apparmor, and systemd sandboxing all exist and can and do apply additional restrictions under /home |
|
| ▲ | TZubiri 8 hours ago | parent | prev | next [-] |
| >Why does every Linux distro under the sun try so hard to protect the garbage under /usr/bin/ and /etc Because a compromised user could infect shared executables and spread the infection. A bit harder to do with etc but for sure possible. The main target would be infecting bash and you are done from the get go. >when literally the only files that matter to me are in /home, which is a free-for-all? The home folder's read write is usually restricted to the user. The only scenario where this isn't the case to my knowledge is Ubuntu where others can read it, but this is just a huge flaw in Ubuntu that almost no other distro has. |
| |
| ▲ | 7 hours ago | parent | next [-] | | [deleted] | |
| ▲ | oblio 8 hours ago | parent | prev [-] | | > when literally the only files that matter to me are in /home, which is a free-for-all? > The home folder's read write is usually restricted to the user. Yeah, and that is the point. All user's programs including curl, wget, the web browser, anything else that connects to the network run as the user, and all the user's programs, by default, have access to everything inside ${HOME}. Most people don't really care if /bin gets obliterated, but they do care dearly when /home/joe/photos/annies-2nd-birthday gets wiped. | | |
| ▲ | skydhash 6 hours ago | parent | next [-] | | Protecting a user from himself is hard. Protecting user from others is easy. Linux is influenced by unix and a lot of installations are servers. Where most programs run under their own accounts. You can always have two user accounts: oblio and unsafe-oblio anf have a shared folder between the two for transferring files. Or invest into some backup software. | |
| ▲ | dgxyz 6 hours ago | parent | prev | next [-] | | Backups FTW. | |
| ▲ | TZubiri 4 hours ago | parent | prev [-] | | Just make another user bro. If you can't even create a user to run a program you distrust, the issue is not that windows doesn't provide sandboxes, it's that you don't use them And no, it's not "a lot of work" it's the bare minimum | | |
| ▲ | oblio 2 hours ago | parent [-] | | Yet 99% of the planet doesn't do "the bare minimum", bro. We have supposedly all the smartest minds in the world working in tech and they haven't been able to create a simple, cheap, reliable cross platform solution for user data protection, backup and restore. It's easier to blame users instead. | | |
| ▲ | Zenul_Abidin 14 minutes ago | parent [-] | | I rolled out a home-made backup script in Powershell - just a wrapper around wbadmin that backs up an entire system image and the a standard "Backup and Restore" backup on an external disk once I plugged it in. I even signed it and everything. |
|
|
|
|
|
| ▲ | dgxyz 9 hours ago | parent | prev [-] |
| The first point is fairly obvious and the latter point is not true (AppArmor etc) |
| |
| ▲ | oblio 8 hours ago | parent [-] | | Phew, I'm so relieved that now we have the One True Security Solution To Rule Them All, AppArmor. Oh, what do you mean there's also SELinux, Snap, Flatpack, Docker, Podman, ...? | | |
|
