I would love to see a web browser that uses Genode's security features and is much more feasible to audit than Chrome, Firefox, etc.

On Mon, Jun 15, 2015 at 12:42 PM, Jookia <166...@gmail.com> wrote:

> On Mon, Jun 15, 2015 at 11:00:54AM +0200, Norman Feske wrote:
> > Hi again,
> >
> > everything you write resonates very well with me. I hope that Genode
> > will eventually become a viable technological foundation for Qubes-like
> > solutions. There is still a long way to go. But with the Turmvilla
> > scenario, we are taking the first baby steps in this direction.
>
> I'm so glad! One thing holding me back from going the Turmvilla route is
> actually the window manager not being tiled. Maybe that's just an excuse.
>
> > This is spot-on!
> >
> > Actually, even when using a full VM on top of Genode, the TCB for
> > keeping VMs isolated is much smaller compared to the current state of
> > the art. E.g., NOVA is an order of magnitude less complex than Xen.
> > Granted, there are resource multiplexers that are shared by different
> > domains (like the nitpicker GUI server or the NIC bridge). But in
> > contrast to a Linux-based dom0, those components are small enough for a
> > thorough evaluation.
>
> That's quite interesting. I have a feeling somewhere down the line someone
> will get Qubes running on Genode, whether as just the hypervisor or as the
> GUI too.
>
> > there is also the noux runtime as a middle-ground, which allows us to
> > use command-line-based GNU software (like Vim, GCC, make) directly on
> > Genode.
>
> I've heard about that which gives me a lot of hope about some kind of
> transition of my standard applications which are mostly terminal-based at
> this point. Unfortunately being the GTK+ fan I am, there'll be some pain
> there.
>
> > In your other email, you asked about the security of the Arora web
> > browser.
>
> I didn't actually ask this, but I'm still interested in the discussion so I
> suppose I'll weigh in.
>
> > To be honest, I would not trust the code of Arora + Webkit +
> > Qt5 to be secure. It is too complex for a realistic assessment. But
> > while not trusting the code, we still know that the web browser cannot
> > store any information to disk. It cannot even see any files of the user.
> > It can merely observe the user input referring to the browser window. It
> > cannot install any spyware. It cannot ptrace other processes. It does
> > not even know which other components exist on the system. Hence, even
> > though we cannot make any assumption about the security of the web
> > browser itself, we know that it can do less harm when executed as a
> > sandboxed Genode component. The same idea applies to other applications
> > like a media viewer (where a bug in a codec would normally pose a
> > security risk) or a PDF reader.
>
> I'd argue browsers are fundamentally broken. I love the web, but we have to
> keep in mind that browsers aren't here to empower us. They're basically
> sandboxed operating systems whose sole purpose is to run nonfree code
> downloaded from the Internet and execute it somewhat safely. You can't
> modify this code and fix it or improve it as it's nonfree. You also can't
> run your own code or verify it to have nice things like actual end-to-end
> encryption working securely.
>
> Isolating browsers is a useful tool but we still end up with the problem of
> them being black boxes where the user doesn't control the data inside them.
> This is quite a bleak situation, I think it boils down to being cautious of
> monolithic architectures.
>
> Not all is lost though! I would love to see some hacking on a composable
> browser like uzbl or surf to leverage Genode's security features. Perhaps
> then the only black box we'd have would be WebKitGTK. Personally I wouldn't
> mind a slightly worse engine to WebKit if it meant I could compile a browser
> in less than twelve hours on ARM, but I'm quite tolerant of feature loss.
>
> > Cheers
> > Norman
>
> Thanks,
> Jookia.
>
> ------------------------------------------------------------------------------
> _______________________________________________
> genode-main mailing list
> genode-main@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/genode-main