Thread: First thoughts about the (pre) Sailfish OS 2.0
View Single Post
JulmaHerra is offline JulmaHerra
2015-09-16 , 12:31
Posts: 285 | Thanked: 1,900 times | Joined on Feb 2010
#399
Originally Posted by Feathers McGraw View Post
Right... wish me luck, I'm going to try and pull ths in a slightly more constructive direction and talk about something Jolla could change without turning their business model upside-down:
Good luck.

I read somewhere before that a big chunk of Red Hat support contracts are with the US military. If Jolla wants to capture part of the government/military market, they desperately need to improve the security model on Sailfish. There has been some talk of "Sailfish Secure" but as far as I can tell nothing has materialised so far.
This is important notice. Years ago Red Hat effectively ditched consumer market and concentrated on enterprise only. It was sensible and successful choice for them. However, Sailfish doesn't compare to that as it's completely different kind of beast - it cannot succeed without being somewhat successful in the consumer market whereas Red Hat didn't have to give a flying duck about consumer space when working with enterprise/data center related stuff. So, Sailfish secure is definitely needed, but it cannot replace the consumer point of view. And it will take some time to implement, test, certificate etc...

I'd also like to point out that there are numerous endeavors that have ended up in bankruptcy or just ceased operations on FOSS consumer market. Even Canonical is funding their consumer desktop operations using revenue generated from enterprise as the consumer operations income don't really cover the costs. It may be different though within mobile space as it's more difficult to implement those sources into working device.

...installed apps could therefore install other things (that run as root) without authentication!
AFAIK this is not possible, as nemo doesn't have root-privileges and it cannot use those privileges without authentication. It does have more privileges than regular user in regular Linux server or desktop, this is one of those parts that are so because of usability - no regular user is willing to enter password every single time they want to install or update apps.

Another thing is that (if I understand it correctly, please correct me if I'm wrong) root privileges are by default beyond the reach of regular user in Sailfish. You need to enable developer mode and set the password to be able to get root privileges. This IMO is safer than having users with either default passwords or those 123456-style passwords for root in their devices. This doesn't mean that user or malicious software is not able to do harm, as the important stuff (like contacts, other personal data) needs to be accessed by nemo.

Also related, the roadmap says Jolla researched SELinux some time ago, so maybe there's a more elegant way of achieving this using SELinux?
I don't think there is any elegant way of doing things with SELinux.... it's very effective way though, when done correctly.
Last edited by JulmaHerra; 2015-09-16 at 12:37.
 

The Following 4 Users Say Thank You to JulmaHerra For This Useful Post: