Yesterday Nick Daly started a discussion about PHP alternatives. PHP is crap, and has a very bad security reputation. Should we use programs that are written in PHP for the FreedomBox?
I fully agree that we should try to avoid using PHP, but I also think that this alone does not solve a very basic problem that the FreedomBox community MUST solve. The problem is that we should not trust *any* program that runs on the FreedomBox, regardless of programming language or reputation of its programmers. You don't get security by trusting the programs you run. Every program contains bugs, every program can be hacked. The security architecture of the FreedomBox must be designed with this worst-case scenario in mind. Hacked programs should not have the capability to take over the FreedomBox, or be able to expose private documents of its user.

An out-of-the-box Debian install only has the normal Unix file system security enabled. This type of security is designed to isolate (pseudo) users and not programs. A program running under account A can access all data from user A (and much more because most of the files have read access in the other-category). This makes your web browser the most dangerous program to use. It can be hacked from outside your home, and once compromised it has access to every document you made (even your private SSH keys in ~/.ssh). Exploits for web browsers are very popular with governments and 3-character agencies as the following article shows:

http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/

The FreedomBox should isolate programs and their data from each other. This is the only way to minimize the damage from programs that misbehave. On my own FreedomBox I am using lightweight virtualization (Linux Containers) to isolate programs and their data. See: http://freedomboxblog.nl/a-software-architecture-for-the-freedombox/

My own Wordpress blog runs safely inside a Virtual Machine and cannot access any data from other programs. PHP is not a problem here. Virtualization is not the only way to isolate programs.
Another way that I am planning to investigate is Mandatory Access Control. With MAC you can specify which resources a program can access. There are several different MAC implementations. AKARI (a version of TOMOYO Linux) looks very promising.

Links:
Mainpage: http://akari.sourceforge.jp/about.html.en
Video introduction: http://tomoyo.sourceforge.jp/about.html.en#videos

Rob.
http://freedomboxblog.nl
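The weakness Rob describes, that files under a home directory are usually readable in the "other" category so any compromised program on the box can read them, is easy to measure. The following POSIX shell script is an added example, not part of Rob's post or of the FreedomBox project: it builds a constructed sample home directory (hypothetical paths and fake contents), counts the files that are world-readable, and shows the remediation of dropping all "other" access. Run it against a real home directory by calling `count_world_readable "$HOME"` instead of the sample tree.

```shell
#!/bin/sh
# Added example (not from the original post): audit a directory tree for
# files readable by "other", the permission class Rob points to as the
# reason Unix file security isolates users but not programs.

# Print every regular file under $1 whose "other read" bit (octal 004) is set.
world_readable() {
    find "$1" -type f -perm -004 2>/dev/null | sort
}

# Return (on stdout) the number of world-readable files under $1.
count_world_readable() {
    world_readable "$1" | wc -l | tr -d ' '
}

# Build a constructed sample home directory so the check runs offline.
# The key and note contents are fake placeholders, not real material.
make_sample_home() {
    home=$(mktemp -d)
    mkdir -p "$home/.ssh" "$home/docs"
    printf 'fake private key\n' > "$home/.ssh/id_rsa"
    chmod 600 "$home/.ssh/id_rsa"                 # owner only, as ssh expects
    printf 'fake public key\n' > "$home/.ssh/id_rsa.pub"
    chmod 644 "$home/.ssh/id_rsa.pub"             # world-readable
    printf 'private notes\n' > "$home/docs/notes.txt"
    chmod 644 "$home/docs/notes.txt"              # world-readable (default umask 022)
    printf '%s' "$home"
}

# Remediation: remove read, write and execute for "other" on the whole tree.
# This limits what an unrelated account can see; it does not stop a hacked
# program running as the same user, which is why Rob argues for containers or MAC.
lock_down() {
    chmod -R o-rwx "$1"
}

# Stand-alone demonstration on the constructed tree.
sample=$(make_sample_home)
echo "world-readable files before: $(count_world_readable "$sample")"
world_readable "$sample"
lock_down "$sample"
echo "world-readable files after:  $(count_world_readable "$sample")"
rm -rf "$sample"
```

The count before locking down is 2 (the public key and the notes file) and 0 afterwards. The private key starts at mode 600 and is never listed, which matches Rob's point: the permission model protects it from other users, not from a browser or web application running under the same account.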
