[Freedombox-discuss] PHP is not the problem, security is!

Rob van der Hoeven robvanderhoeven at ziggo.nl
Mon Jul 16 12:23:50 UTC 2012


Yesterday Nick Daly started a discussion about PHP alternatives. PHP is
crap, and has a very bad security reputation. Should we use programs
that are written in PHP for the FreedomBox? 

I fully agree that we should try to avoid using PHP, but i also think
that this alone does not solve a very basic problem that the FreedomBox
community MUST solve.

The problem is that we should not trust *any* program that runs on the
FreedomBox, regardless of programming language or reputation of its
programmers. You don't get security by trusting the programs you run.
Every program contains bugs, every program can be hacked. The security
architecture of the FreedomBox must be designed with this worst-case
scenario in mind. Hacked programs should not have the capability to take
over the FreedomBox, or be able to expose private documents of its user.

An out-of-the box Debian install only has the normal Unix file system
security enabled. This type of security is designed to isolate (pseudo)
users and not programs. A program running under account A can access all
data from user A (and much more because most of the files have read
access in the other-category). This makes your web-browser the most
dangerous program to use. It can be hacked from outside your home, and
once compromised it has access to every document you made (even your
private SSH keys in ~/.ssh). Exploits for web-browsers are very popular
with governments and 3-character agencies as the following article
shows:

http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/

The FreedomBox should isolate programs and their data from each other.
This is the only way to minimize the damage from programs that
misbehave. 

On my own FreedomBox i am using lightweight virtualization (Linux
Containers) to isolate programs and their data. See:

http://freedomboxblog.nl/a-software-architecture-for-the-freedombox/

My own Wordpress blog runs safely inside a Virtual Machine and cannot
access any data from other programs. PHP is not a problem here.

Virtualization is not the only way to isolate programs. Another way that
i am planning to investigate is Mandatory Access Control. With MAC you
can specify which resources a program can access. There are several
different MAC implementations. AKARI (a version of TOMOYO Linux) looks
very promising. Links:

Mainpage: http://akari.sourceforge.jp/about.html.en
Video introduction: http://tomoyo.sourceforge.jp/about.html.en#videos

Rob.
http://freedomboxblog.nl





More information about the Freedombox-discuss mailing list